Subject: RE: [security-services] JIRA SECURITY-6 PE: Conflict with core in SSO profile on returning error Responses to SP
> I agree that there is a conflict between the current texts in Core and
> Profiles in terms of MUST vs. SHOULD, but if that can be resolved without
> changing the underlying nature of the guidance to implementers, I think that
> would be a cleaner result.

I proposed the following compromise wording for Kantara:

"Identity Provider implementations MUST support the issuance of <saml2p:Response> messages (with appropriate status codes) in the event that authentication of the user is unsuccessful, provided that the user agent remains available and an acceptable location to which to deliver the response is available."

For errata purposes, I would s/MUST/SHOULD. I'd probably also hold open the issue on our side pending finalization of the language in the profile there.

My feeling is that it's insufficient and overly specific to talk only about "authn of the user", but I don't know what else to say.

-- Scott