[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Additional Interop scenarios document issues and proposed changes
More interop document suggestions, of two kinds: 1. Editorial 2. Policy I've attached a red-lined Word document where I've implemented these changes, also have Word comments in the doc. None of my suggestions should impact the interop itself. Summary: Editorial - I suggest we use section numbering and line numbers for ease of reference. - Change background colors in table headers for readability online and in print - fix spelling in text of "KeyInfo" to be correctly capitalized - fix "RequestSecurityToken/KeySize", slash was wrong way - line 404, RTSRC returned containing RSTR Policy I attempted to add a Policy statement for each case, for the STS policy and for the server policies. In some cases it wasn't exactly clear what the policy was, for example the version of the SAML token profile required etc. Which version of SAML token profile does interop require, assume it requires SAML 1.1 tokens. I discovered a few potential policy issues: - how to require separate key derivation for signing and encryption versus one key derivation for both - is it correct/best practice to include IncludeToken on a token within a ProtectionToken element to indicate that the token should or should not be sent? - how to state confirmation method requirement in policy (e.g. HoK for SAML tokens) Comment/correction on the policy statements welcome. Thanks regards, Frederick Frederick Hirsch Nokia
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]