[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: An ambiguity in 1.1 that we should clarify in SAML 2.0 re: artifact processing
The following issue came up when dealing with some
conformance test cases for SAML 1.1. I provided my opinion in a response. We
should decide how to modify the text to clarify the expected behavior. Thoughts? TC #39 – When a request to dereference is sent with
over a connection authenticated by Partner A, but with an artifact the TA had
sent to Partner B, the response should be a status code of
“Success” and no assertions. When a request is next made over
a channel authenticated by Partner B using an artifact sent to Partner B, how
should the TA respond? Should it return the assertions, or an error code? [RSP] Hmmm – This isn’t defined in the
spec. Technically, you could treat them independently and return an
assertion to B. But the paranoid in me says the AP should audit the first
event (artifact didn’t come from the right site), and declare the
one-time use of the artifact to be met, discard it, and return no assertion
when it comes from the expected site. That would hopefully alert folks at
all 3 sites that there is a problem that needs to be investigated. At
least that’s how I’d build a “secure” product. We should probably have the TC decide on the correct
response, document it in a V1.1 corrigendum, and address it in V2.0 as well. Rob Philpott |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]