OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xri message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Public Review of SAMLv2.0 HTTP POST "SimpleSign" Binding - 15 day review


FYI - since we are actively considering SimpleSign as a model, folks on the
trust team should take a look at this new public review draft.

=Drummond 

-----Original Message-----
From: Mary McRae [mailto:marypmcrae@gmail.com] On Behalf Of Mary McRae
Sent: Tuesday, December 23, 2008 11:34 AM
To: members@lists.oasis-open.org; tc-announce@lists.oasis-open.org
Subject: [members] Public Review of SAMLv2.0 HTTP POST "SimpleSign" Binding
- 15 day review

To OASIS members, Public Announce Lists:

The OASIS Security Services TC has recently approved the following
specification as a Committee Draft and approved the package for public
review:

SAMLv2.0 HTTP POST "SimpleSign" Binding Version 1.0

The public review starts today, 23 December 2008, and ends 9 January 2009.
This specification was previously submitted for a 60-day public review on 11
December 2007[1]; this 15-day review is limited in scope to changes made
from the previous review. The only change is noted below[2]. 

This is an open invitation to comment. We strongly encourage feedback from
potential users, developers and others, whether OASIS members or not, for
the sake of improving the interoperability and quality of OASIS work.

More non-normative information about the specification and the technical
committee may be found at the public home page of the TC at 
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security.
Comments may be submitted to the TC by any person through the use of the
OASIS TC Comment Facility which can be located via the button marked "Send A
Comment" at the top of that page, or directly at 
http://www.oasis-open.org/committees/comments/index.php?wg_abbrev=security.

Submitted comments (for this work as well as other works of that TC) are
publicly archived and can be viewed at 
http://lists.oasis-open.org/archives/security-comment/. All comments
submitted to OASIS are subject to the OASIS Feedback License, which ensures
that the feedback you provide carries the same obligations at least as the
obligations of the TC members.

The specification document and related files are available here:

Editable Source:
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-binding-simplesig
n-cd-04.odt 

PDF:
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-binding-simplesig
n-cd-04.pdf 

HTML:
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-binding-simplesig
n-cd-04.html 


OASIS and the Security Services TC welcome your comments.


---------------------------------------------------
Mary P McRae
Director, Technical Committee Administration
OASIS: Advancing open standards for the information society
email: mary.mcrae@oasis-open.org  
web: www.oasis-open.org
phone: 1.603.232.9090

[1] http://lists.oasis-open.org/archives/tc-announce/200712/msg00004.html 
[2] Added the following clarifying text to section 2.5.2 regarding the
treatment of an empty RelayState value in signature processing.

Note that if there is no RelayState value, the entire parameter should be
omitted from the signature computation (and not included as an empty
parameter name), resulting in a string of one of these forms:

SAMLRequest=value&SigAlg=value
SAMLResponse=value&SigAlg=value



---------------------------------------------------------------------

This email list is used solely by OASIS for official consortium
communications.

Opt-out requests may be sent to member-services@oasis-open.org, however, all
members are strongly encouraged to maintain a subscription to this list.




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]