
security-services message



Subject: Re: [security-services] Errors in Authentication Context Schemas


Hi Paul,

Comments inline:

ext Paul Madsen wrote:

>I think 2) and 3) are simple editorial. There may be something more involved
>with 1) 
> 
>1) Core AC schema defines RestrictedPasswordType with a minInclusive length
>for the password of 3 characters. 
> 
><xs:complexType name="RestrictedLengthType">
>  <xs:complexContent>
>    <xs:restriction base="LengthType">
>      <xs:attribute name="min" use="required">
>        <xs:simpleType>
>          <xs:restriction base="xs:integer">
>            <xs:minInclusive value="3"/>
>          </xs:restriction>
>        </xs:simpleType>
>      </xs:attribute>
>      <xs:attribute name="max" type="xs:integer" use="optional"/>
>    </xs:restriction>
>  </xs:complexContent>
></xs:complexType>
>
>Not clear to me why Core should define a specific requirement of a minimum
>password length. Putting such a restriction into Core rather than a
>particular class would prevent anybody from defining a new class with a
>minimum length of 2 characters?  
>  
>
The core AuthnContext schema defines it so that this type could be used 
in multiple other extension classes. One could also separately define 
another restriction with a different length (in a class schema for 
example). The presence of this type does not preclude that.

> 
>2) The class schemas all? still have the <AuthenticatingAuthority> element.
>It was removed from the Core schema and elevated to a child of
><AuthnStatement>
> 
>Propose removing <AuthenticatingAuthority> from the class schemas.
>  
>
Yes. I think there is an editorial mistake here, because I did actually 
remove this element prior to the first CD review. I can only imagine 
that there is some kind of versioning mistake. With CVS, I guess we'll 
never know, and never be able to prevent such things ;)

> 
>3) The Core AC schema defines AuthnContextDeclarationBaseType with an
><AuthenticationMethod>, the classes use <AuthnMethod>
> 
>Propose renaming <AuthnMethod> in class schemas to <AuthenticationMethod>
>  
>
I remember having some discussion about what we should and should not 
abbreviate, so I think I was using the results of that general 
discussion to make this choice. I am (of course!) an advocate of smaller 
messages, so would prefer to leave it abbreviated...

- JohnK
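
The point made in the reply to item 1, as an added example that is not part of the original message or of the OASIS schemas: a class schema can define its own restriction of LengthType with a lower bound of 2 alongside the 3-character one. The target namespace, the names TwoCharLengthType and ShortPasswordLength, and the shape of LengthType (which the thread does not quote) are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added illustration. The namespace URI and the names TwoCharLengthType
     and ShortPasswordLength are hypothetical. -->
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
           xmlns="urn:example:ac:classes:ShortPassword"
           targetNamespace="urn:example:ac:classes:ShortPassword"
           elementFormDefault="qualified">

  <!-- Assumed shape of the unrestricted base type: any integer min. -->
  <xs:complexType name="LengthType">
    <xs:attribute name="min" type="xs:integer" use="required"/>
    <xs:attribute name="max" type="xs:integer" use="optional"/>
  </xs:complexType>

  <!-- RestrictedLengthType (min >= 3), quoted in the thread, would sit
       here unchanged. A type derived by restriction FROM it could only
       narrow the range further (min >= 4, say); a schema processor must
       reject minInclusive="2" there, because the attribute type would no
       longer be derived from the base's attribute type. -->

  <!-- Sibling restriction: derived from LengthType itself, so the
       3-character bound never applies to it. -->
  <xs:complexType name="TwoCharLengthType">
    <xs:complexContent>
      <xs:restriction base="LengthType">
        <xs:attribute name="min" use="required">
          <xs:simpleType>
            <xs:restriction base="xs:integer">
              <xs:minInclusive value="2"/>
            </xs:restriction>
          </xs:simpleType>
        </xs:attribute>
        <xs:attribute name="max" type="xs:integer" use="optional"/>
      </xs:restriction>
    </xs:complexContent>
  </xs:complexType>

  <!-- min="2" validates here; min="1" is rejected. -->
  <xs:element name="ShortPasswordLength" type="TwoCharLengthType"/>
</xs:schema>
```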

