Subject: Comments on sstc-saml-profiles-2.0-draft-02
Comments below:

John
***************************************************************

- In section 3.1/3.2/3.3 we should start to use IdP and SP terms

- line 193. In the generic description of Web Browser SSO profiles the "assertion consumer service" is used. However this component is only used in Browser/POST profile.

- line 263 re <inter site transfer host name> (plus elsewhere in spec). I know we went through this the last time in SAML 1.1. But we still have it wrong - and for an HTTP-literate reader it's confusing.

  line 249 is correct re URL structure. Line 260 is correct. However having line 263 confuses things - as it does not relate to the example.

  Note: <path> can either be the abs_path on the web server - or it can be the absoluteURI. In HTTP 1.1 it would be more normal for the HTTP req to be of the form:

      GET /artifactReceiver?TARGET={target} HTTP/1.1
      Host: www.remoteServer.com:8001

  although you could have (and it would be rare and only in HTTP 1.0 clients) the following

      GET http://www.remoteServer.com:8001/artifactReceiver?TARGET={target} HTTP/1.1

  in line 256 you already define the host location. I would therefore recommend just deleting lines 263->265 (and elsewhere where this style is used)

line 268: Target=<Target> => TARGET=<Target>

line 682: The diagram has 6 steps - yet following sections only describe step 1 and 2

line 687: should we not use a SAML URI - rather than Liberty

line 692: not clear what the service value (urn:saml2:idp:authentication) - seems like a new type of saml URI has been defined

line 692 on the PAOS: header line. The quotation marks are wrong

line 700: what does "targeted at "next" mean? Is this the "role" attribute?

line 705: what SOAP Message security header block? Is this WSS?

line 708: Attribute responseConsumerURL - yet the description is for the assertionConsumerURL (and the example in 711 has responseConsumerURL)

line 711, 715, 726: I guess the "plugh" namespace will be replaced with the correct one

line 726 (and 730): The examples have a <AuthResponse> element. Core does not define such an element - and it defines it to be in the Liberty namespace.

line 782: TLS_RSA_WITH_AES (missing WITH)
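
Added example, not part of the message above or of the SAML draft: a small Python sketch showing that the two request-line forms discussed for line 263 address the same URL, and that a receiver matching the parameter name exactly (the point of the line 268 comment) does not see `Target=` as `TARGET=`. The function names, the `http` scheme default and the TARGET value are assumptions made for this illustration; the host and path are the ones used in the message.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample requests (TARGET value is made up for the illustration).
ORIGIN_FORM = ("GET /artifactReceiver?TARGET=https%3A%2F%2Fsp.example.org%2Fres HTTP/1.1\r\n"
               "Host: www.remoteServer.com:8001\r\n\r\n")
ABSOLUTE_FORM = ("GET http://www.remoteServer.com:8001/artifactReceiver"
                 "?TARGET=https%3A%2F%2Fsp.example.org%2Fres HTTP/1.1\r\n"
                 "Host: www.remoteServer.com:8001\r\n\r\n")
WRONG_CASE = ORIGIN_FORM.replace("TARGET=", "Target=")


def effective_url(raw_request: str, scheme: str = "http") -> str:
    """Rebuild the URL a request addresses from its request line and Host header."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    _method, target, _version = lines[0].split(" ")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    parts = urlsplit(target)
    if parts.scheme and parts.netloc:
        # Absolute URI on the request line: it already names scheme and host.
        return target
    if not target.startswith("/"):
        raise ValueError("unsupported request-target form")
    # abs_path on the request line: the host comes from the Host header.
    host = headers.get("host")
    if not host:
        raise ValueError("abs_path request without a Host header")
    return f"{scheme}://{host}{target}"


def target_param(url: str):
    """Return the decoded TARGET value, matching the name case-sensitively."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get("TARGET")
    return values[0] if values else None


if __name__ == "__main__":
    for req in (ORIGIN_FORM, ABSOLUTE_FORM, WRONG_CASE):
        url = effective_url(req)
        print(url, "->", target_param(url))
```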