ebxml-msg message


Subject: RE: [ebxml-msg] New version of SAML document uploaded


Hello Ian,

Sorry I could not comment on the previous draft due to
holidays.  I have two questions and some minor editorial
comments:

1) If a client pulls a message using a pull request secured
using SAML,  and the message requires a receipt, in AS4 the
receipt is to be signed.   In this case I assume the receipt
(which the client will post to the MSH) will be signed using
the same SAML token.    It might be the same token as used
for the pull request, but that token is short-lived so the
MSH may also need to request a new token.

2) When using reliable messaging (retries),  the MSH should
keep the short duration of the SAML token in mind.  Normally
the MSH can store a copy of the fully processed SOAP message
(including WS-Security headers) but with such short-lived
tokens,  it may need to re-sign the message.    This will
complicate implementations.  

Other than this I have mostly minor comments:

Front page says "working draft 01" dated 05 July,  but
according to Appendix C this is version 1.03 of 28 August.

Front page, Abstract,  "how an ebMS3/AS4 can" --> "how an
ebMS3/AS4 MSH can".
 
Section 1.3,  redundant empty line before [XMLDSIG].

Section 2 "two facets of SAML, SAML Assertions which" -->
"two facets of SAML: SAML Assertions, which"

Section 3.6,  "may require  a BusinessId":  redundant space
after "require".

Section 3.6,  "both attribute are present" --> "both
attributes are present"

Page 13,  "The SecurityTokenReference in the",  apply the
"Element" character style.

Section 4,  "Implementation of this specification" -->
"Implementations of this specification"

Section 4.1 "ie. SAML 2.0" --> "i.e. SAML 2.0"

Section 4.1, "public key mush be provided" --> "public key
must be provided".

Page 14,  footnote 2, "is either secure using X.509" --> "is
either secured using X.509"

Section 4.2, "eg SAML" --> "e.g. SAML"

Section 6,  "The following PModes are per MPC and authorize
access to that MPC" -->
"The following Pmode parameters are used in message pulling
to authorize access to that MPC"

Section 6, "a list of SAML attributes message for a
particular MPC MAY be autorised on" -->
"a list of SAML attributes that messages for a particular
MPC MAY be autorised on" ?

Section 7, "[EBMS3-AS4]  as" --> "[EBMS3-AS4], as"

Section B.3.3.6.3.3, "the Sender will contact an Identity
Provider inside their own business for a SAML token" -->
"the Sender will contact an Identity Provider inside its own
business for a SAML token"

Pim


-----Original Message-----
From: ebxml-msg@lists.oasis-open.org
[mailto:ebxml-msg@lists.oasis-open.org] On Behalf Of Mr. Ian
Otto
Sent: 28 August 2013 08:18
To: ebxml-msg@lists.oasis-open.org
Subject: [ebxml-msg] New version of SAML document uploaded

I have re-done the example using Dale's version and added extra
explanation and highlighting therein.

There are no other changes.
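
Point 2 of the reply above (retrying a stored message whose SAML token is short-lived), as an added example that is not part of the original thread or of the specification under review. The function names, the 30-second safety margin and the sample envelope are assumptions made for illustration; the envelope is constructed and its signature is omitted.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://www.w3.org/2003/05/soap-envelope",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample: the MSH's stored copy of an already-secured SOAP message.
STORED_MESSAGE = """<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
 <soap:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
   <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                   ID="_a1" Version="2.0" IssueInstant="2013-08-28T08:00:00Z">
    <saml:Conditions NotBefore="2013-08-28T08:00:00Z" NotOnOrAfter="2013-08-28T08:05:00Z"/>
   </saml:Assertion>
  </wsse:Security>
 </soap:Header>
 <soap:Body/>
</soap:Envelope>"""

def parse_utc(value):
    """Parse a SAML xs:dateTime (UTC, optional fractional seconds) to an aware datetime."""
    whole = value.split(".")[0].rstrip("Z")
    return datetime.strptime(whole, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def token_expiry(envelope_xml):
    """Earliest NotOnOrAfter of any SAML assertion in the WS-Security header, or None."""
    root = ET.fromstring(envelope_xml)
    path = "soap:Header/wsse:Security/saml:Assertion/saml:Conditions"
    times = [parse_utc(c.get("NotOnOrAfter"))
             for c in root.findall(path, NS) if c.get("NotOnOrAfter")]
    return min(times) if times else None

def retry_action(envelope_xml, now, margin=timedelta(seconds=30)):
    """Decide whether a retry may reuse the stored bytes or needs a fresh token."""
    expiry = token_expiry(envelope_xml)
    if expiry is None or now + margin < expiry:
        return "resend-stored"           # stored security header is still acceptable
    # The receiver would reject the expired assertion, so the stored signature
    # is useless: obtain a new token and sign the message again before sending.
    return "renew-token-and-resign"

if __name__ == "__main__":
    for t in ("2013-08-28T08:01:00Z", "2013-08-28T08:04:45Z", "2013-08-28T08:06:00Z"):
        print(t, retry_action(STORED_MESSAGE, parse_utc(t)))
```

The margin covers transmission time and clock skew between the MSH and the receiver; the same check applies before signing a receipt for a pulled message, as raised in point 1.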


