RE: [security-services] comments: draft-saml-text-based-challenge-response-authn-context-class-01

[Sharon Boeyen <sharon.boeyen@entrust.com>]

Title: RE: [security-services] comments: draft-saml-text-based-challenge-response-authn-context-class-01

Tom, thank you for the comments. I have just uploaded a revised version that addresses them. With respect to you your request for a use case, I am not aware of any normative references however there is an example of a use case in the FFIEC guidance, which discusses such tokens on page 11 under the heading of "Non-Hardware-Based One-Time-Password Scratch Card". It can be found at http://www.ffiec.gov/pdf/authentication_guidance.pdf#search=%22scratch%20card%20authentication%22

Cheers,
Sharon

-----Original Message-----
From: Tom Scavo [mailto:trscavo@gmail.com]
Sent: Thursday, August 10, 2006 1:06 PM
To: OASIS SSTC
Subject: [security-services] comments: draft-saml-text-based-challenge-response-authn-context-class-01

Document identifier: draft-saml-text-based-challenge-response-authn-context-class-01

Errata:

[line 1] s/SAML Text/SAML V2.0 Text-based/

[line 8] s/Editor/Editors/

[line 9, 12, 14, 15, 17, 56] Delete these lines.

[line 18, 36] s/SAML/SAML V2.0/

[line 19, 37] s/time based/time-based/

[line 20] s/set of text based/notion of text-based/

[line 22] s/one/an/

[line 22] s/class/case/

[line 23] s^challenge / response^challenge/response^

[line 24] s/grid tokens/grid tokens,/

[line 25, 38, 44, 45, 58, 65, 150, 151, 153] s/text based/text-based/

[line 27, 63, 64, 65, 67, 112, 115, 122] Wrong font and/or font size for element name.

[line 40] s/SAMLAC-xsd/[SAMLAC-xsd]/

[line 43, 61] s/SAML 2.0/SAML V2.0/

[line 45] s/Authentication Context/authentication context/

[table on line 55] s/text based/text-based/

[table on line 55] s/xsd:/xs:/

[table on line 55] s/and no prefix/if no prefix/

[line 57, 148] s/Text Based/Text-based/

[line 59] s/such as,/such as/

[line 112, 115, 122] Namespace prefix is missing.

[line 114, 117, 119, 123] s/e.g./e.g.,/

[line 114] s/Scratch, grid/scratch, grid,/

[line 119] s/The total/the total/

[line 122] s/If present/If present,/

[line 153] s/reflects that/defines/

[line 153] s/is used/used/

[refs on line 202] s/[SAML2AuthnCxt]/[SAML2AuthnCtx]/

[refs on line 202] s/OASIS SSTC/OASIS Standard/g

[refs on line 202] s/S. Boeyer & T. Wisniewski/S. Boeyer and T. Wisniewski/

[refs on line 202] s/Text Based/Text-based/

Comments:

s^challenge response^challenge/response^ throughout.

The document ID in the footer does not agree with document ID on line 5.

The date in the footer does not agree with date on line 3.

The copyright date in the footer should be 2006, not 2005.

Add prefix ac: to the table on line 55.

All the comments in the table on line 55 need a reference.

Can you provide a use case that describes the use of a text-based token?  Is there a (non-normative) background reference that explains in more detail what a text-based challenge/response token is?

Element </xs:element> missing after line 110.

The elements on lines 112 and 115 do not agree with the elements defined in the schema on lines 68--110.

The elements used on lines 135--141 are missing namespace prefixes.

Each line in section 4 needs its own line number.

Some of the references on line 202 have permanent URLs, which should be used.

The titles of all references on line 202 should be italicized.