OASIS Mailing List Archives
wss-comment message
Subject: Re: [wss-comment] comments: wss-saml-token-profile-1.0-cd-04


Tom,

Your issue with the example at line 708 has come up before.
The description was modified to clarify that two assertions
are used in the example. One identifies the attesting entity, and
the other, an s-v confirmed assertion, identifies the entity that the
attesting entity is vouching for.

The s-v confirmed assertion is not contained in the message.
STR1 is a remote reference to the s-v confirmed assertion.
The h-o-k assertion contained in the message identifies the
attesting entity and its signing key.

The example demonstrates the use of the STR transform to cause
the s-v assertion (not the reference) to be digested in the signature
verification.

The attesting entity uses the key in the h-o-k assertion to bind the
s-v confirmed assertion to the message content.

The example is an all-SAML variant of what could also have been
accomplished with an X509 certificate being used in the place of the
h-o-k assertion.

I will apply your comments in the next update to the profile
(which BTW was recently ratified as an OASIS standard).

thanks,

Ron

Tom Scavo wrote:

>Document: wss-saml-token-profile-1.0-cd-04
>
>Major bug on line 708 (see below).
>
>Errata:
>
>[line 138, 240, 242, 243, 502, 829, 838, 858] Replace "i.e." with "i.e.,".
>
>[line 141] Restart numbering. (?)
>
>[line 168] Strings "S11" and "S12" are set in wrong font.
>
>[line 168] Replace "Urn: oasis:names:tc:SAML:1.0:assertion" with
>"urn:oasis:names:tc:SAML:1.0:assertion".
>
>[line 168] Replace "Urn: oasis:names:tc:SAML:1.0:protocol" with
>"urn:oasis:names:tc:SAML:1.0:protocol".
>
>[line 186] Replace "assertions" with "SAML assertions".
>
>[line 186] Append "For example, a SAML Authentication Authority issues
>authentication assertions."
>
>[line 259] Use straight quotes instead of curved quotes.
>
>[line 303] Contradictory phrase "<saml:AssertionID> attribute".
>
>[line 551, 682] Delete extraneous colon.
>
>[line 560, 691] Timestamp fails sanity check: NotBefore < IssueInstant
>< NotOnOrAfter
>
>[line 564, 695] Replace "xmlns" with "xmlns:saml".
>
>[line 572, 703] Replace 'Format="..."' with
>'Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"'.
>
>[line 586, 592] Replace "oasis.open" with "oasis-open".
>
>[line 587, 593] Join line with previous line.
>
>[line 708] Replace "holder-of-key" with "sender-vouches".
>
>[line 829] Hyphenate "authority-protected".
>
>[line 838] Delete "and".
>
>[line 839] Hyphenate "origin-protected".
>
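
As an added illustration for this archive page (constructed here, not taken from Ron's reply, Tom's comments, or the profile text itself), the skeleton below shows the two-assertion arrangement Ron describes: a holder-of-key assertion carried in the header for the attesting entity, a SecurityTokenReference (STR1) that points at a sender-vouches assertion which is not in the message, and a signature whose ds:Reference to STR1 carries the STR Dereference Transform so that the digest covers the referenced assertion rather than the reference element. Assertion IDs, issuer, timestamps, subject names, key material, digest and signature values are placeholders.

```xml
<S11:Envelope xmlns:S11="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <S11:Header>
    <wsse:Security>
      <!-- Assertion 1 (carried in the message): holder-of-key assertion
           identifying the attesting entity and its signing key.
           AssertionID, Issuer, instants and key bytes are placeholders. -->
      <saml:Assertion MajorVersion="1" MinorVersion="1"
          AssertionID="_hok-assertion-id" Issuer="https://idp.example.org"
          IssueInstant="2004-12-05T09:22:00Z">
        <saml:Conditions NotBefore="2004-12-05T09:21:00Z"
            NotOnOrAfter="2004-12-05T09:27:00Z"/>
        <saml:AuthenticationStatement
            AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:X509-PKI"
            AuthenticationInstant="2004-12-05T09:22:00Z">
          <saml:Subject>
            <saml:NameIdentifier
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
              CN=attesting-service,O=Example</saml:NameIdentifier>
            <saml:SubjectConfirmation>
              <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>
              <ds:KeyInfo><ds:KeyValue>placeholder-public-key</ds:KeyValue></ds:KeyInfo>
            </saml:SubjectConfirmation>
          </saml:Subject>
        </saml:AuthenticationStatement>
        <!-- issuer's signature over the assertion (placeholder) -->
        <ds:Signature>placeholder-issuer-signature</ds:Signature>
      </saml:Assertion>

      <!-- STR1: remote reference to Assertion 2, the sender-vouches assertion
           for the vouched-for user. Assertion 2 itself is NOT in the message;
           the receiver must obtain it by the referenced AssertionID. -->
      <wsse:SecurityTokenReference wsu:Id="STR1">
        <wsse:KeyIdentifier
            ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">
          _sv-assertion-id</wsse:KeyIdentifier>
      </wsse:SecurityTokenReference>

      <!-- Signature produced by the attesting entity with the holder-of-key key. -->
      <ds:Signature>
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <!-- Reference to STR1 with the STR Dereference Transform: the octets
               digested are the canonicalized sender-vouches assertion that STR1
               resolves to, not the SecurityTokenReference element itself. -->
          <ds:Reference URI="#STR1">
            <ds:Transforms>
              <ds:Transform
                  Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">
                <wsse:TransformationParameters>
                  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </wsse:TransformationParameters>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>placeholder-digest-of-sv-assertion</ds:DigestValue>
          </ds:Reference>
          <!-- Reference to the body, binding the vouched-for identity to the payload. -->
          <ds:Reference URI="#Body">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>placeholder-digest-of-body</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>placeholder-signature-value</ds:SignatureValue>
        <!-- KeyInfo points at Assertion 1; the verifier takes the verification
             key from that assertion's holder-of-key SubjectConfirmation. -->
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:KeyIdentifier
                ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">
              _hok-assertion-id</wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </S11:Header>
  <S11:Body wsu:Id="Body">
    <!-- application payload -->
  </S11:Body>
</S11:Envelope>
```

Two points a verifier has to get right with this shape. First, the STR-Transform is what makes the signature cover the sender-vouches assertion: without it the ds:Reference to "#STR1" would digest only the pointer, and anything the pointer later resolved to would be outside the signature. Second, because the sender-vouches assertion is not in the message, the receiver must fetch it by AssertionID from a source it trusts, confirm its ConfirmationMethod is sender-vouches, and then decide whether the attesting entity named in the holder-of-key assertion is one it accepts as a voucher for that subject; the signature alone proves only that the attesting entity bound that assertion to this body.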
