Subject: Re: [wss-comment] comments: wss-saml-token-profile-1.0-cd-04
Tom,

Your issue with the example at line 708 has come up before. The description was modified to clarify that 2 assertions are used in the example. One identifies the attesting entity, and the other, a s-v confirmed assertion, identifies the entity that the attesting entity is vouching for.

The s-v confirmed assertion is not contained in the message. STR1 is a remote reference to the s-v confirmed assertion. The h-o-k assertion contained in the message identifies the attesting entity and its signing key.

The example demonstrates the use of the STR transform to cause the s-v assertion (not the reference) to be digested in the signature verification. The attesting entity uses the key in the h-o-k assertion to bind the s-v confirmed assertion to the message content. The example is an all-SAML variant of what could also have been accomplished with an X509 certificate being used in the place of the h-o-k assertion.

I will apply your comments in the next update to the profile (which BTW was recently ratified as an OASIS standard).

thanks,
Ron

Tom Scavo wrote:

>Document: wss-saml-token-profile-1.0-cd-04
>
>Major bug on line 708 (see below).
>
>Errata:
>
>[line 138, 240, 242, 243, 502, 829, 838, 858] Replace "i.e." with "i.e.,".
>
>[line 141] Restart numbering. (?)
>
>[line 168] Strings "S11" and "S12" are set in wrong font.
>
>[line 168] Replace "Urn: oasis:names:tc:SAML:1.0:assertion" with
>"urn:oasis:names:tc:SAML:1.0:assertion".
>
>[line 168] Replace "Urn: oasis:names:tc:SAML:1.0:protocol" with
>"urn:oasis:names:tc:SAML:1.0:protocol".
>
>[line 186] Replace "assertions" with "SAML assertions".
>
>[line 186] Append "For example, a SAML Authentication Authority issues
>authentication assertions.
>
>[line 259] Use straight quotes instead of curved quotes.
>
>[line 303] Contradictory phrase "<saml:AssertionID> attribute".
>
>[line 551, 682] Delete extraneous colon.
>
>[line 560, 691] Timestamp fails sanity check: NotBefore < IssueInstant
>< NotOnOrAfter
>
>[line 564, 695] Replace "xmlns" with "xmlns:saml".
>
>[line 572, 703] Replace 'Format="..."' with
>'Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"'.
>
>[line 586, 592] Replace "oasis.open" with "oasis-open".
>
>[line 587, 593] Join line with previous line.
>
>[line 708] Replace "holder-of-key" with "sender-vouches".
>
>[line 829] Hyphenate "authority-protected".
>
>[line 838] Delete "and".
>
>[line 839] Hyphenate "origin-protected".
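
The STR transform behaviour described in the reply above, as an added sketch that is not part of the thread or of the profile: a signature reference to STR1 is digested over the assertion STR1 points to, so a substituted sender-vouches assertion fails verification even though STR1 itself is unchanged. The sample assertion, STR1, the `resolve` lookup and all function names are constructed for illustration, and C14N 2.0 with SHA-256 stands in for the canonicalization and digest algorithms used in the profile's example.

```python
import hashlib
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"  # namespace quoted in the thread

# Constructed s-v assertion: held by the authority, not carried in the message.
SV_ASSERTION = (
    f'<saml:Assertion xmlns:saml="{SAML}" AssertionID="_sv1" Issuer="authority.example">'
    '<saml:AuthenticationStatement><saml:Subject>'
    '<saml:NameIdentifier>alice</saml:NameIdentifier><saml:SubjectConfirmation>'
    '<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches'
    '</saml:ConfirmationMethod></saml:SubjectConfirmation>'
    '</saml:Subject></saml:AuthenticationStatement></saml:Assertion>'
)
# Constructed STR1: only a pointer to the assertion above.
STR1 = (
    f'<wsse:SecurityTokenReference xmlns:wsse="{WSSE}">'
    '<wsse:KeyIdentifier>_sv1</wsse:KeyIdentifier></wsse:SecurityTokenReference>'
)

def digest(xml_text):
    """Canonicalize, then hash (C14N 2.0 and SHA-256 are stand-ins, see lead-in)."""
    return hashlib.sha256(ET.canonicalize(xml_text).encode()).hexdigest()

def dereference(str_xml, resolve):
    """STR transform step: replace the reference with the token it names."""
    key_id = ET.fromstring(str_xml).find(f"{{{WSSE}}}KeyIdentifier")
    if key_id is None or not (key_id.text or "").strip():
        raise ValueError("SecurityTokenReference carries no KeyIdentifier")
    token = resolve(key_id.text.strip())
    if token is None:
        raise LookupError("referenced assertion unavailable")
    return token

def reference_digest(str_xml, resolve):
    return digest(dereference(str_xml, resolve))  # digest of the token, not of STR1

def verify(str_xml, signed_digest, resolve):
    try:
        return reference_digest(str_xml, resolve) == signed_digest
    except (LookupError, ValueError, ET.ParseError):
        return False  # fail closed when the token cannot be fetched or parsed

if __name__ == "__main__":
    signed = reference_digest(STR1, {"_sv1": SV_ASSERTION}.get)
    swapped = SV_ASSERTION.replace("alice", "bob")
    print("authentic assertion:", verify(STR1, signed, {"_sv1": SV_ASSERTION}.get))
    print("swapped assertion:  ", verify(STR1, signed, {"_sv1": swapped}.get))
```

A digest taken over STR1 without the transform would be identical in both runs, which is why the reference alone does not bind the vouched-for subject to the message.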