OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Action Items 236 and 231

Does not appear that we added this....Scott, should I add this?

Thanks,
Jahan
------------------------
Jahan Moreh
Chief Security Architect
310.288.2141
 

> -----Original Message-----
> From: Ari Kermaier [mailto:ari.kermaier@oracle.com] 
> Sent: Wednesday, July 19, 2006 3:50 PM
> To: Scott Cantor; security-services@lists.oasis-open.org
> Subject: RE: [security-services] Action Items 236 and 231
> 
> Was AI 236 ever captured in errata? I can't seem to find it...
> ::Ari
> 
> > -----Original Message-----
> > From: Scott Cantor [mailto:cantor.2@osu.edu]
> > Sent: Tuesday, October 11, 2005 6:27 AM
> > To: security-services@lists.oasis-open.org
> > Subject: [security-services] Action Items 236 and 231
> > 
> > 
> > > *0236*: Errata on SSO Response when using HTTP-Artifact
> > >
> > > http://lists.oasis-open.org/archives/saml-dev/200509/msg00019.html
> > 
> > Minor issue, but I suggest we insert a clarifying paragraph 
> after line 
> > 1173 of Bindings:
> > 
> > "Finally, note that the use of the Destination attribute in 
> the root 
> > SAML element of the protocol message is unspecified by this 
> binding, 
> > because of the message indirection involved."
> > 
> > > *#0231*: SOAP client cert authn and reln to SAML messages
> > 
> > My memory of this "issue" isn't great, but I suppose we could add 
> > clarifying text to section 3.1.2.2 of Bindings by adding a 
> sentence to 
> > the first
> > paragraph:
> > 
> > "Note that when SSL/TLS authentication is used, an X.509 
> certificate 
> > presented by a peer is typically used to authenticate messages 
> > produced by that peer, but the means by which the relationship is 
> > established between the identity in the certificate and the 
> identity 
> > of the peer is not defined by SAML."
> > 
> > Another way to go (arguably better perhaps) is to push all 
> this to the 
> > phantom impl guidelines doc where we can hand wave about 
> PKI and trust 
> > to our heart's content.
> > 
> > -- Scott
> > 
> > 
> > 
> ---------------------------------------------------------------------
> > To unsubscribe from this mail list, you must leave the 
> OASIS TC that 
> > generates this mail.  You may a link to this group and all 
> your TCs in 
> > OASIS
> > at:
> > 
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
> > 
> > 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS 
> TC that generates this mail.  You may a link to this group 
> and all your TCs in OASIS
> at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgr
oups.php 
> 
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]