Subject: Attribute Sharing Profile for X.509 Authentication-Based Systems (Draft-12)

Draft-12 of the Attribute Sharing Profile has been uploaded to the archive:

http://www.oasis-open.org/apps/org/workgroup/security/download.php/23148/sstc-saml-x509-authn-attrib-profile-draft-12.odt
http://www.oasis-open.org/apps/org/workgroup/security/download.php/23149/sstc-saml-x509-authn-attrib-profile-draft-12.pdf
http://www.oasis-open.org/apps/org/workgroup/security/download.php/23150/sstc-saml-x509-authn-attrib-profile-draft-12-diff.pdf

There are still two "bugs" that I can see:

1. The <saml:Audience> requirement on lines 191--192 can only be met if the SP authenticates to the IdP, but the security characteristics of Basic Mode are mostly inherited from the Attribute Query/Request Profile, which does not mandate authenticated queries.

2. The metadata requirements in section 3.4 stipulate that if SAML metadata is used, query:AttributeQueryDescriptorType SHOULD be used, but since this type is the only such type available for use, it seems the normative language is too weak in this case.

Perhaps we can discuss these issues on the next con-call.

Tom Scavo
NCSA/University of Illinois