[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Errors in Authentication Context Schemas
Hi Paul, Comments inline: ext Paul Madsen wrote: >I think 2) and 3) are simple editorial. There may be something more involved >with 1) > >1) Core AC schema defines RestrictedPasswordType with a minInclusive length >for the password of 3 characters. > ><xs:complexType name="RestrictedLengthType"> > <xs:complexContent> > <xs:restriction base="LengthType"> > <xs:attribute name="min" use="required"> > <xs:simpleType> > <xs:restriction base="xs:integer"> > <xs:minInclusive value="3"/> > </xs:restriction> > </xs:simpleType> > </xs:attribute> > <xs:attribute name="max" type="xs:integer" use="optional"/> > </xs:restriction> > </xs:complexContent> > </xs:complexType> > >Not clear to me why Core should define a specific requirement of a minimum >password length. Putting such a restriction into Core rather than a >particular class would prevent anybody from defining a new class with a >minimum length of 2 characters? > > The core AuthnContext schema defines it so that this type could be used in multiple other extension classes. One could also, separately define another restriction with a different length (in a class schema for example). The presence of this type does not preclude that. > >2) The class schemas all? still have the <AuthenticatingAuthority> element. >It was removed from the Core schema and elevated to a child of ><AuthnStatement> > >Propose removing <AuthenticatingAuthority> from the class schemas. > > Yes. I think there is an editorial mistake here, because I did actually remove this element prior to the first CD review. I can only imagine that there is some kind of versioning mistake. With CVS, I guess we'll never know, and never be able to prevent such things ;) > >3) The Core AC schema defines AuthnContextDeclarationBaseType with an ><AuthenticationMethod>, the classes use <AuthnMethod> > >Propose renaming <AuthnMethod> in class schemas to <AuthenticationMethod> > > I remember having some discussion about what we should and should not abbreviate, so I think I was using the results of that general discussion to make this choice. I am (of course!) an advocate of smaller messages, so would prefer to leave it abbreviated... - JohnK
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]