[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Comments on Tech Overview rev 13
Eve, I tried to let this go but it was causing me to lose sleep :-) This seemingly small point impacts nearly all the expository work I've done regarding the SSO profile. Can we flesh this out a little more? Please see below. On 3/5/07, Eve L. Maler <Eve.Maler@sun.com> wrote: > On 3/5/07, Tom Scavo <trscavo@gmail.com> wrote: > > On 3/4/07, Eve L. Maler <Eve.Maler@sun.com> wrote: > > > > > > - Sec 4.1.2, Figure 12 (and globally throughout all the figures): I > > > suspect the arrow for step 1, "Access resource", is supposed to be > > > dotted, not solid, because it's out of band for SAML. (This is > > > probably a bug of long standing -- I'm sorry!) My interpretation is just the opposite. By all indications, steps 1 and 7 are in band and in scope. In particular, see sections 4.1.3.1 and 4.1.3.6 in SAMLProf. > > Good point. Since this requires a change to the diagram, can I make > > another suggestion (at the risk of being pedantic)? A flow diagram > > illustrating request-response exchanges should not have an odd number > > of steps. The culprit in this case is step 2, which is really a pair > > of steps. > > It's a pair depending on the binding... It doesn't seem like the binding matters. The profile specifies a number of round trips between a user agent and a SAML entity. The flow begins and ends with a user agent. Thus the total number of steps is a multiple of two. This is true in all cases, even artifact. > I personally don't think we need to hew to this rule. That's fine. It's mostly pedagogical and not worth quibbling about in general. I personally find this to be a useful rule when writing documentation and so forth since it leads to reasonably complete end-to-end flows that novices can understand. Thanks, Tom
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]