Subject: Re: [wss] Groups - WSS-SAML-11.pdf uploaded
Dims,

The sender-vouches example in 3.4.2.3 is perhaps a little more than it seems. The example uses only SAML assertions, and thus there is a holder-of-key assertion (referenced by STR 2) from keyInfo that is being used to carry the key of the vouching sender. The sender-vouches confirmed assertion is referenced from SignedInfo (by id = "#STR1") and is being signed by the key in the holder-of-key assertion. The example could have used a keyIdentifier reference to an X509 cert from KeyInfo, but as I noted above, I was trying to show an all SAML example.

If you think the example is not very helpful, I would be willing to discuss changing it.

Ron

Srinivas, Davanum M wrote:

>Ron,
>
>Here's some feedback from my team
>--------------------- Feedback from Werner -------------------------
>IMO there is a wrong example in the profile spec:
>chapter 3.4.2.3) contains a SAML Assertion which does not specify
>sender-vouches (holder-of-key instead). Seems to be a "copy-paste
>error"). Thus also the following references, KeyInfo etc. may be out of
>sync.
>--------------------- Feedback from Werner -------------------------
>
>Thanks,
>dims
>
>-----Original Message-----
>From: ronald.monzillo@sun.com [mailto:ronald.monzillo@sun.com]
>Sent: Friday, May 21, 2004 6:43 PM
>To: wss@lists.oasis-open.org
>Subject: [wss] Groups - WSS-SAML-11.pdf uploaded
>
>The document WSS-SAML-11.pdf has been submitted by ronald monzillo
>(ronald.monzillo@sun.com) to the OASIS Web Services Security TC document
>repository.
>
>Document Description:
>1. Moved "http://...documents.php" URL from "Location" to "Document
>Repository (temporary):" which will be removed when document is
>available from "Location".
>
>2. In section "1.1.1 Non-Goals", added new bullet to indicate that
>describing support for V1.0 assertions is outside the scope of the
>profile.
>
>3. Changed SAMLAssertion-1.0 wsse:Reference/@ValueType to
>SAMLAssertion-1.1 in examples (lines 366, 611, and 752).
>
>4. Updated document, specification, and schema URL's to accommodate
>change to OASIS document URLs (i.e. www.docs.oasis-open.org changed to
>docs.oasis-open.org).
>
>5. Removed SAMLAssertion-1.0 wsse:Reference/@ValueType from "Table-2
>ValueType Attribute Values." Also removed footnote on Table title.
>
>6. Editorial correction made to the attributes of the NameIdentifier
>element in the examples (see lines 564 and 684).
>
>7. In section 3.4, "Subject Confirmation of SAML Assertions" (line 485),
>changed the reference to be to [SAMLCore] for the definition of the
>validation and processing rules that apply to SAML assertions. Also (as
>the resolution to issue 275), extended the stated reliance (on
>[SAMLCore]) with "including the validation of assertion signatures, and
>the processing of elements within Assertions".
>
>Download Document:
>http://www.oasis-open.org/apps/org/workgroup/wss/download.php/6877/WSS-S
>AML-11.pdf
>
>View Document Details:
>http://www.oasis-open.org/apps/org/workgroup/wss/document.php?document_i
>d=6877
>
>PLEASE NOTE: If the above links do not work for you, your email
>application may be breaking the link into two pieces. You may be able
>to copy and paste the entire link address into the address field of your
>web browser.
>
>To unsubscribe from this mailing list (and be removed from the roster of
>the OASIS TC), go to
>http://www.oasis-open.org/apps/org/workgroup/wss/members/leave_workgroup
>.php.
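The layout Ron describes in the message above, as an added example that is not part of the original message or of the profile: it reads a security header and reports, for each SecurityTokenReference, whether the referenced assertion is signed or supplies the signing key, together with its confirmation method. The header is constructed and simplified, the assertion IDs and function names are hypothetical, the use of wsse:KeyIdentifier to carry the AssertionID is an assumption, and the two rules in `problems` are a reading of the message, not text from the profile.

```python
import xml.etree.ElementTree as ET

NS = {"wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "saml": "urn:oasis:names:tc:SAML:1.0:assertion"}
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
CM = "urn:oasis:names:tc:SAML:1.0:cm:"  # SAML 1.x confirmation-method URI prefix

# Constructed, simplified header: no digests, SignatureValue, ValueType or version attributes.
SAMPLE = f"""<wsse:Security xmlns:wsse="{NS['wsse']}" xmlns:ds="{NS['ds']}"
    xmlns:saml="{NS['saml']}" xmlns:wsu="{WSU}">
  <saml:Assertion AssertionID="sv-1"><saml:AuthenticationStatement><saml:Subject>
    <saml:SubjectConfirmation><saml:ConfirmationMethod>{CM}sender-vouches</saml:ConfirmationMethod>
    </saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement></saml:Assertion>
  <saml:Assertion AssertionID="hok-1"><saml:AuthenticationStatement><saml:Subject>
    <saml:SubjectConfirmation><saml:ConfirmationMethod>{CM}holder-of-key</saml:ConfirmationMethod>
    </saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement></saml:Assertion>
  <wsse:SecurityTokenReference wsu:Id="STR1"><wsse:KeyIdentifier>sv-1</wsse:KeyIdentifier>
  </wsse:SecurityTokenReference>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#STR1"/></ds:SignedInfo>
    <ds:KeyInfo><wsse:SecurityTokenReference wsu:Id="STR2">
      <wsse:KeyIdentifier>hok-1</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo>
  </ds:Signature>
</wsse:Security>"""

def assertion_roles(header_xml):
    """Return {STR id: (role in the signature, confirmation method of the referenced assertion)}."""
    sec = ET.fromstring(header_xml)
    methods = {a.get("AssertionID"): a.findtext(".//saml:ConfirmationMethod", namespaces=NS)
               for a in sec.findall("saml:Assertion", NS)}
    sig = sec.find("ds:Signature", NS)
    signed = {r.get("URI")[1:] for r in sig.findall("ds:SignedInfo/ds:Reference", NS)}
    keyed = {s.get(f"{{{WSU}}}Id") for s in sig.findall("ds:KeyInfo/wsse:SecurityTokenReference", NS)}
    roles = {}
    for s in sec.iter(f"{{{NS['wsse']}}}SecurityTokenReference"):
        sid = s.get(f"{{{WSU}}}Id")
        aid = s.findtext("wsse:KeyIdentifier", namespaces=NS)
        role = "signing-key" if sid in keyed else "signed" if sid in signed else "unused"
        roles[sid] = (role, (methods.get(aid) or "unknown").replace(CM, ""))
    return roles

def problems(roles):
    """Flag layouts that contradict the roles described in the message (assumed rules)."""
    out = [f"{sid}: signing key taken from a {m} assertion"
           for sid, (role, m) in roles.items() if role == "signing-key" and m != "holder-of-key"]
    out += [f"{sid}: sender-vouches assertion is not covered by the signature"
            for sid, (role, m) in roles.items() if role == "unused" and m == "sender-vouches"]
    return out
```

On the sample, `assertion_roles(SAMPLE)` maps STR1 to a signed sender-vouches assertion and STR2 to a holder-of-key assertion supplying the signing key, and `problems` returns an empty list.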