Subject: RE: [security-services] comments on Last Call core doc - draft 17
Scott, many thanks for the response.

Re "affiliations" - in the Technical Overview and the new Federation section I will attempt to describe this and place it into context.

John

> -----Original Message-----
> From: Scott Cantor [mailto:cantor.2@osu.edu]
> Sent: 16 July 2004 05:04
> To: 'John Hughes'; 'Security-Services'
> Subject: RE: [security-services] comments on Last Call core doc - draft 17
>
> I think you mean core comments, not profiles.
>
> > - line 1764 and elsewhere throughout doc. Came across the use of
> > "Replying Party". In many instances "Service Provider" may be more
> > appropriate - and hence a quick check should be performed.
> > However if it is appropriate to use Replying Party - perhaps I should
> > define (and scope it) in the Technical Overview
>
> I assume you mean "Relying Party"? That's a specific term that I
> incorporated into the set of actors in the authentication request section
> after discussions with Ron and others.
>
> In some cases, the relying party is a single service provider in the sense
> that profiles uses it, but the protocol doesn't assume that in all cases.
>
> Relying Party I think might have a definition already in the glossary, I
> guess I was shooting for a more precise usage in the protocol. But there
> might be multiple relying parties, so it's broader than just a service
> provider.
>
> Where I think I'm sloppy is in the NameID/NameIDPolicy stuff, where I throw
> around issues of "namespaces" and SPs and affiliations without any
> explanation. Probably we need to add language up front in core to describe
> the formal use of NameQualifier/SPNameQualifier. This isn't always the
> required usage, but it is constrained fairly precisely when using the
> persistent/transient formats, which are the Liberty (and Shibboleth to some
> extent)-contributed aspects.
>
> > -line 2206 re scheme snippet for TerminateType - is this
> > correct? Doesn't look right to me - we have a hanging/empty
> > <sequence/> element
>
> It's legal, it just means the element is empty. It's equivalent to not having
> the <sequence/> there at all, but I think that looks weird. If it's
> confusing to people, we can pull it.
>
> -- Scott