OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

Messages By Date: members message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Public Review of SAMLv2.0 HTTP POST "SimpleSign" Binding - 15 day review

To OASIS members, Public Announce Lists:

The OASIS Security Services TC has recently approved the following
specification as a Committee Draft and approved the package for public
review:

SAMLv2.0 HTTP POST "SimpleSign" Binding Version 1.0

The public review starts today, 23 December 2008, and ends 9 January 2009.
This specification was previously submitted for a 60-day public review on 11
December 2007[1]; this 15-day review is limited in scope to changes made
from the previous review. The only change is noted below[2]. 

This is an open invitation to comment. We strongly encourage feedback from
potential users, developers and others, whether OASIS members or not, for
the sake of improving the interoperability and quality of OASIS work.

More non-normative information about the specification and the technical
committee may be found at the public home page of the TC at 
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security.
Comments may be submitted to the TC by any person through the use of the
OASIS TC Comment Facility which can be located via the button marked "Send A
Comment" at the top of that page, or directly at 
http://www.oasis-open.org/committees/comments/index.php?wg_abbrev=security.

Submitted comments (for this work as well as other works of that TC) are
publicly archived and can be viewed at 
http://lists.oasis-open.org/archives/security-comment/. All comments
submitted to OASIS are subject to the OASIS Feedback License, which ensures
that the feedback you provide carries the same obligations at least as the
obligations of the TC members.

The specification document and related files are available here:

Editable Source:
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-binding-simplesig
n-cd-04.odt 

PDF:
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-binding-simplesig
n-cd-04.pdf 

HTML:
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-binding-simplesig
n-cd-04.html 


OASIS and the Security Services TC welcome your comments.


---------------------------------------------------
Mary P McRae
Director, Technical Committee Administration
OASIS: Advancing open standards for the information society
email: mary.mcrae@oasis-open.org  
web: www.oasis-open.org
phone: 1.603.232.9090

[1] http://lists.oasis-open.org/archives/tc-announce/200712/msg00004.html 
[2] Added the following clarifying text to section 2.5.2 regarding the
treatment of an empty RelayState value in signature processing.

Note that if there is no RelayState value, the entire parameter should be
omitted from the signature computation (and not included as an empty
parameter name), resulting in a string of one of these forms:

SAMLRequest=value&SigAlg=value
SAMLResponse=value&SigAlg=value

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]