OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Action Items 236 and 231


> *0236*: Errata on SSO Response when using HTTP-Artifact
> 
> http://lists.oasis-open.org/archives/saml-dev/200509/msg00019.html

Minor issue, but I suggest we insert a clarifying paragraph after line 1173
of Bindings:

"Finally, note that the use of the Destination attribute in the root SAML
element of the protocol message is unspecified by this binding, because of
the message indirection involved."

> *#0231*: SOAP client cert authn and reln to SAML messages

My memory of this "issue" isn't great, but I suppose we could add clarifying
text to section 3.1.2.2 of Bindings by adding a sentence to the first
paragraph:

"Note that when SSL/TLS authentication is used, an X.509 certificate
presented by a peer is typically used to authenticate messages produced by
that peer, but the means by which the relationship is established between
the identity in the certificate and the identity of the peer is not defined
by SAML."

Another way to go (arguably better perhaps) is to push all this to the
phantom impl guidelines doc where we can hand wave about PKI and trust to
our heart's content.

-- Scott



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]