[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: comments re sstc-saml-binding-simplesign-cd-04
SAML V2.0 HTTP POST "SimpleSign" Binding Document ID sstc-saml-binding-simplesign-cd-04 Comments: - [line 27] Replace this previous SSTC co-chair with a current co-chair. - [lines 138--141] This paragraph belongs in section 2, which is normative. - [line 153] The prefix SOAP-ENV: defined in the table is unused. - [section 1.3] This section includes both normative and non-normative references. - [lines 197--199] This should be the Second Edition of the XML Signature specification. - Underlining should be replaced with italics and/or boldfaced throughout. - [lines 222-225] This sentence appears to be saying just the opposite of what's intended, I think. - [line 249] What base64 encoding rules are you referring to? - [lines 279--280] According the HTML4 spec, the enctype attribute on the HTML <form> element defaults to "application/x-www-form-urlencoded" so why MUST it be set to the previous value? - [lines 294--297] This requirement is actually a conformance requirement and therefore it belongs in section 1.4. - [lines 299--311] Should the concatenated strings be URL-encoded before or after applying the signature algorithm? - [lines 316--320] I'm not sure I understand the point being made in this paragraph. First, there are no form controls in an HTTP GET request, so I'm not sure what you're referring to when you use that term here. Second, literal line feeds are not allowed in an URI, they must be URL-encoded, right? Do you still have problems have URL-encoding? I guess I find that hard to believe. - What processing steps are required if the message is NOT SimpleSigned? - [line 375] The normative requirement for TLS 1.0 is a requirement for a version of TLS that has been twice obsoleted by two newer versions of TLS. - [lines 382--385] These lines are redundant with other lines in section 2. - [lines 408--410] If the Signature form control is not present, may the message be processed according to the SimpleSign binding spec? Tom Scavo NCSA
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]