OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [security-services] Proposed clean up on subject text


> So, you don't see any danger in a malicious party presenting such an
> assertion to another relying party that interpreted the spec's
> unspecificity is this area (which I don't see actually stated anywhere)
> differently -- as "bearer", for instance?  This is my motivation for the
> MUST clarification.

No, the spec definitely doesn't say that, and we all think it should say
something so that there's no confusion anymore.

But, I think "unspecified" means exactly that. You can't interpret it any
specific way and claim that's what the spec implied. It becomes application
specific.

My earlier point was that this is basically what sender-vouches means, but
then I always viewed them as essentially the same...

-- Scott



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]