[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] comments re sstc-saml-holder-of-key-browser-sso-draft-08
On Sun, Dec 7, 2008 at 11:41 PM, Nate Klingenstein <ndk@internet2.edu> wrote: > >> - Section 1.5 needs to be replaced with an inline revision history as >> suggested in this comment: >> >> http://lists.oasis-open.org/archives/security-services/200811/msg00030.html >> >> - A section entitled "TLS Usage" seems to be required. The text in >> this new section should reference the steps in section 2.3 and >> emphasize where TLS is required and where it is optional. Where it is >> optional (step 1), the possible uses of client TLS should be outlined. >> (Possible uses of client TLS at step 1 include: 1) to construct a >> specific <saml:SubjectConfirmation> element, 2) to use the TLS session >> in lieu of a cookie-based session, and 3) to use information in the >> certificate for the purposes of IdP Discovery.) > > I'm not going to be able to complete these two and still hand the document > over to you in a timely fashion, so you're welcome to patch them in > yourself. I'll do that, thanks. >> - I'm still waiting for an opportunity to edit this document :-) > > You're more than welcome to take a red pen directly to it after draft 10. Will do! Tom
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]