OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [security-services] comments on Last Call core doc - draft 17


Scott,

many thanks for the response.

Re "affiliations" - in the Technical Overview and the new Federation section
I will attempt to describe this and place it into context.


John



> -----Original Message-----
> From: Scott Cantor [mailto:cantor.2@osu.edu]
> Sent: 16 July 2004 05:04
> To: 'John Hughes'; 'Security-Services'
> Subject: RE: [security-services] comments on Last Call core doc - draft
> 17
>
>
> I think you mean core comments, not profiles.
>
> > - line 1764 and else where through out doc.  Came across the use of
> > "Replying Party".  In many instances "Service Provider" may be more
> > appropriate - and hence a quick check should be performed.
> > However if it is appropriate to use Replying Party - perhaps I should
> > define  (and scope it) in the Technical Overview
>
> I assume you mean "Relying Party"? That's a specific term that I
> incorporated into the set of actors in the authentication request section
> after discussions with Ron and others.
>
> In some cases, the relying party is a single service provider in the sense
> that profiles uses it, but the protocol doesn't assume that in all cases.
>
> Relying Party I think might have a definition already in the glossary, I
> guess I was shooting for a more precise usage in the protocol. But there
> might be multiple relying parties, so it's broader than just a service
> provider.
>
> Where I think I'm sloppy is in the NameID/NameIDPolicy stuff,
> where I throw
> around issues of "namespaces" and SPs and affiliations without any
> explanation. Probably we need to add language up front in core to describe
> the formal use of NameQualifier/SPNameQualifier. This isn't always the
> required usage, but it is constrained fairly precisely when using the
> persistent/transient formats, which are the Liberty (and
> Shibboleth to some
> extent)-contributed aspects.
>
> > -line 2206 re scheme snippet for TerminateType - is this
> > correct?  Doesn't
> > look right to me - we have a hanging/empty <sequence/> element
>
> It's legal, it just means the element is empty. It's eqivalent to
> not having
> the <sequence/> there at all, but I think that looks weird. If it's
> confusing to people, we can pull it.
>
> -- Scott



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]