OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Comment on bindings-11

> This binding CANNOT be used if the content of the request or 
> response cannot be exposed to the user agent intermediary. 
>  
> I dont understand the intent of this language. I also
> don't believe that the use of "CANNOT" is consistent with RFC2119.

The intent is that you don't use this binding if you don't want the browser
to have any access to the message. You would use artifact in that case.

I did ask the question at one point whether we wanted to just support
encryption of messages going through the browser, but I think it was decided
that encryption of the assertion was enough.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]