security-services message

Subject: RE: [security-services] Editorial Update to Section 3.3 of confor mance

From: "Scott Cantor" <cantor.2@osu.edu>
To: "'prateek mishra'" <pmishra@principalidentity.com>, "'Thomas Wisniewski'" <Thomas.Wisniewski@entrust.com>, <security-services@lists.oasis-open.org>
Date: Tue, 4 Jan 2005 11:32:47 -0500

> Your position seems to be that a conformant SAML
> generator should be able to include "obtained" in any
> message thru a configuration setting. Ultimately, this
> would lead to conformance tests in which SAML
> generators are required to insert any of the constants
> into messages. And at the same time there would be no
> requirement to test whether the implementation
> provides some means of obtaining consent. 

I don't think that's testable, personally.

> Is this the position that is broadly acceptable? If
> so, we should have some text in Section 3.3 of
> conformance that reflects this understanding.

It's definitely my position.

-- Scott

References:
- RE: [security-services] Editorial Update to Section 3.3 of confor mance
  - From: prateek mishra <pmishra@principalidentity.com>