security-services message

Subject: RE: [security-services] Groups - SAML 2.0 Errata(sstc-saml-errata-2.0-draft-00.pdf) uploaded


One minor thing I noticed in Bindings (sstc-saml-bindings-2.0-cd-04), if I'm not misunderestimating something:

Section 3.4.3 (Relay State for HTTP Redirect) lines 551-553 read

"Signing is not realistic given the space limitation, but because the value is exposed to third-party tampering, the entity SHOULD insure that the value has not been tampered with by using a checksum, a pseudo-random value, or similar means."

This language should probably be deleted or modified, as the RelayState parameter *is* covered by the query string signature described in 3.4.4.1 (DEFLATE Encoding).

The same language is correctly present in 3.5.3 (Relay State for HTTP POST), as no means of signing the POST form control data is defined.

Regards,
Ari Kermaier

> -----Original Message-----
> From: jmoreh@sigaba.com [mailto:jmoreh@sigaba.com]
> Sent: Monday, January 31, 2005 6:42 PM
> To: security-services@lists.oasis-open.org
> Subject: [security-services] Groups - SAML 2.0 Errata
> (sstc-saml-errata-2.0-draft-00.pdf) uploaded
> 
> 
> This document lists the reported errata and potential errata against the
> OASIS SAML 2.0 Committee Specifications and their status. A Word version is
> also available
> 
>  -- Mr Jahan Moreh
> 
> The document named SAML 2.0 Errata (sstc-saml-errata-2.0-draft-00.pdf) has
> been submitted by Mr Jahan Moreh to the OASIS Security Services (SAML) TC
> document repository.
> 
> Document Description:
> This document lists the reported errata and potential errata against the
> OASIS SAML 2.0 Committee Specifications and their status.
> 
> Download Document:
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/11265/sstc-saml-errata-2.0-draft-00.pdf
> 
> View Document Details:
> http://www.oasis-open.org/apps/org/workgroup/security/document.php?document_id=11265
> 
> 
> PLEASE NOTE:  If the above links do not work for you, your email application
> may be breaking the link into two pieces.  You may be able to copy and paste
> the entire link address into the address field of your web browser.
> 
> -OASIS Open Administration
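An added example (not part of the thread or of any OASIS code) illustrating the point of the message above: in the HTTP Redirect binding the signed octet string is `SAMLRequest=<value>&RelayState=<value>&SigAlg=<value>`, so RelayState is covered by the query-string signature and any tampering with it makes verification fail. HMAC-SHA256 with a constructed key stands in for the RSA signature the binding actually uses, so the example runs with only the standard library; the sample request and key are constructed values.

```python
import base64
import hashlib
import hmac
import zlib
from urllib.parse import quote, unquote

# Constructed sample values; not taken from the thread or any real deployment.
SAMPLE_REQUEST = b'<samlp:AuthnRequest ID="_demo123" Version="2.0"/>'
SIG_ALG = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
# Assumption: HMAC with a demo key stands in for the RSA signature of 3.4.4.1.
DEMO_KEY = b"demo-key-not-a-real-signing-key"


def deflate_b64(xml: bytes) -> str:
    """Raw DEFLATE (no zlib header) then base64, as in binding 3.4.4.1."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml) + comp.flush()).decode()


def signed_octets(saml_request: str, relay_state, sig_alg: str) -> bytes:
    """The octet string the signature covers; RelayState is inside it when present."""
    parts = [("SAMLRequest", saml_request)]
    if relay_state is not None:
        parts.append(("RelayState", relay_state))
    parts.append(("SigAlg", sig_alg))
    return "&".join(f"{k}={quote(v, safe='')}" for k, v in parts).encode()


def build_redirect_query(xml: bytes, relay_state) -> str:
    """Sender side: signed part of the query string followed by the Signature."""
    signed = signed_octets(deflate_b64(xml), relay_state, SIG_ALG)
    mac = hmac.new(DEMO_KEY, signed, hashlib.sha256).digest()
    return signed.decode() + "&Signature=" + quote(base64.b64encode(mac).decode(), safe="")


def verify_redirect_query(query: str) -> bool:
    """Receiver side: rebuild the signed string from the raw (still encoded)
    query parameters, so encoding differences cannot break verification."""
    raw = dict(kv.partition("=")[::2] for kv in query.split("&"))
    if not {"SAMLRequest", "SigAlg", "Signature"} <= raw.keys():
        return False
    pieces = ["SAMLRequest=" + raw["SAMLRequest"]]
    if "RelayState" in raw:
        pieces.append("RelayState=" + raw["RelayState"])
    pieces.append("SigAlg=" + raw["SigAlg"])
    expected = hmac.new(DEMO_KEY, "&".join(pieces).encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, base64.b64decode(unquote(raw["Signature"])))


def replace_param(query: str, name: str, value: str) -> str:
    """Swap one parameter value in place, leaving the Signature untouched."""
    return "&".join(f"{k}={quote(value, safe='')}" if k == name else kv
                    for kv in query.split("&") for k in [kv.partition("=")[0]])
```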

