OASIS Mailing List Archives

security-services message



Subject: Editorial Update to Section 3.3 of conformance


On the December 21 conference call, Thomas W. and
Scott C. suggested that Section 3.3 of the conformance
document might require some additional text clarifying
intent. I had taken an action to start a thread on the
subject.


Section 3.3 includes the following text (lines
192-196):
---------------------------
All relevant operational modes MUST implement the
following SAML-defined identifiers:
1. All Attribute Name Format Identifiers as defined
in Section 8.2 of [SAMLCore].
2. All Name Identifier Format Identifiers as defined
in Section 8.3 of [SAMLCore].
3. All Consent Identifiers as defined in Section 8.4
of [SAMLCore].
-----------------------------

The intent here is the following: it should be
possible to configure a conformant SAML 2.0
implementation to generate and consume assertions
containing the identifiers described in these
sections. One question that might then be asked is
whether consuming/generating such assertions implies
implementation of additional processing rules (e.g.,
integration with a Windows NT identity store).

A close reading of Sections 8.2-8.4 reveals that with
the exception of 8.3.7 and 8.3.8, no normative
processing rules are prescribed. In other words,
leaving aside these sections, all of the remaining
material is concerned with constraints on the element
(attribute) values or the intent of the message
issuer.

I would propose we add the following sentences
following line 196 to Section 3.3:

Sections 8.3.7 and 8.3.8 prescribe normative
processing rules for persistent and transient
identifiers requiring implementation by conformant
implementations. Sections 8.2-8.3 do not specify
normative processing rules for any of the remaining
identifiers.  

