security-services message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: SAML Error processing (was rejecting SAML requests)
- From: "Conor P. Cahill" <concahill@aol.com>
- To: SAML <security-services@lists.oasis-open.org>
- Date: Tue, 5 Jul 2005 16:17:57 -0400
I took an action item from today's call to review the section in the
bindings spec related to error processing... So here it be... The
section numbers and line numbers are all from "saml-bindings-2.0-os.pdf"
Section 3.2.2.1, lines 310-317:
- Change the
first sentence to read:
- The SAML
responder SHOULD return a SOAP message containing either a SAML
response element in the body or a SOAP fault.
- Delete the
3rd sentence (If a SAML responder cannot, for some reason,
process....). SOAP defines when a SOAP fault is required and SAML goes
into detail about what we should return when in section 3.2.3.3 "Error
Reporting".
- Change the
4th sentence to soften the "MUST NOT" and make it a "SHOULD NOT" as
there can be sufficient security through obscurity reasons to do so in
some cases.
- Add a new
sentence at the end of the paragraph noting that details about error
handling are covered in section 3.2.3.3 "Error Reporting" or something
to that effect.
Section 3.2.3.3,
lines 370-383
- I suggest we
change the MUST on line 378 to a SHOULD.
- Otherwise
the detail in this section is quite good and should have clarified any
questions raised by section 3.2.2.1)
Conor
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]