Subject: RE: [saml-dev] SAML artifact source id config.
-----Original Message-----
From: Chen, Fred [mailto:fchen@netegrity.com]
Sent: Thursday, April 18, 2002 5:19 PM
To: Mishra, Prateek; 'Hal Lockhart'; 'saml-dev@lists.oasis-open.org'
Subject: RE: [saml-dev] SAML artifact source id config.

Hal explains the right reason for this discussion:

"the destination site will maintain a table of SourceID values "
"This information is communicated between the source and destination sites out-of-band."

This means the source will tell the destination site some information about the SourceID, for example, by email, so that the destination site is able to maintain that table.

Should we consider suggesting that this out-of-band information be in plain text, instead of a 20-byte sequence? It's hard to put those 20 bytes into a config file without any conversion.

Thanks,
-Fred
-----Original Message-----
From: Mishra, Prateek
Sent: Thursday, April 18, 2002 5:10 PM
To: 'Hal Lockhart'; Chen, Fred; saml-dev@lists.oasis-open.org
Subject: RE: [saml-dev] SAML artifact source id config.

Hal,

The issue here is simply that the out-of-band message is a 20-byte sequence (not a string!). That is all. Folks participating in the web browser profile should ensure that their administration GUIs etc. do not assume that the partner source ID is a string. It is an arbitrary 20-byte sequence and may be delivered (out of band) using hex, just for example.

- prateek
-----Original Message-----
From: Hal Lockhart [mailto:hal.lockhart@entegrity.com]
Sent: Thursday, April 18, 2002 5:00 PM
To: 'Chen, Fred'; saml-dev@lists.oasis-open.org
Subject: RE: [saml-dev] SAML artifact source id config.

I don't understand this at all. Section 4.1.1.8 (lines 567-570) says:
"SourceID is a 20-byte sequence used by the destination site to determine source site identity and location. It is assumed that the destination site will maintain a table of SourceID values as well as the URL (or address) for the corresponding SAML responder. This information is communicated between the source and destination sites out-of-band."
Out of band means not in any SAML message. I don't see anything to specify here.
When contained in the artifact and sent via URL encoding, it is base64 encoded.
What am I missing?
Hal
> -----Original Message-----
> From: Chen, Fred [mailto:fchen@netegrity.com]
> Sent: Thursday, April 18, 2002 4:31 PM
> To: saml-dev@lists.oasis-open.org
> Subject: [saml-dev] SAML artifact source id config.
>
>
> Hi folks,
>
> I am writing some code to support saml browser/artifact profiling.
> According to draft-sstc-bindings-model-15, in section 4.1.1.6, it says
> "In steps 4 and 5, the destination site, in effect, dereferences the one
> or more SAML artifacts in its possession in order to acquire the SAML
> authentication assertion ...."
> I run into a problem when the destination site composes a config file
> in its possession. As its partner sends the 20-byte code, which is
> typically a SHA-1 output with some non-displayable characters, you must
> be aware that a conversion from byte array into plain text is needed.
> This may cause some man-made error or code burden/incompatibility on
> the destination site.
>
> How about its partner sends the hex string or Base64 encoded string of
> the SourceID for the agreement/configuration purpose?
>
> Please note, this doesn't affect the artifact format of section 4.1.1.8.
>
> Any thought?
>
> -Fred
>
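
An added example, not code from any participant in this thread: one way a destination site could accept a partner's SourceID as hex or Base64 in a config file, store it as the raw 20-byte value, and match it against the SourceID carried in a received artifact. The `hex:`/`b64:` prefixes, the config line layout, the function names and the sample URLs are assumptions made for illustration; the artifact layout (two-byte type code 0x0001, 20-byte SourceID, 20-byte assertion handle) is taken from the published SAML 1.x specification rather than from this page.

```python
import base64
import hashlib

SOURCE_ID_LEN = 20  # the draft defines SourceID as a 20-byte sequence

def parse_source_id(text):
    """Decode 'hex:<digits>' or 'b64:<base64>' into the raw 20-byte SourceID."""
    scheme, sep, value = text.strip().partition(":")
    if scheme == "hex" and sep:
        raw = bytes.fromhex(value)
    elif scheme == "b64" and sep:
        raw = base64.b64decode(value, validate=True)
    else:
        raise ValueError("SourceID needs a 'hex:' or 'b64:' prefix")
    if len(raw) != SOURCE_ID_LEN:
        raise ValueError(f"SourceID must be {SOURCE_ID_LEN} bytes, got {len(raw)}")
    return raw

def load_partner_table(config):
    """Build the destination site's table: raw SourceID bytes -> responder URL."""
    table = {}
    for line in config.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        encoded, url = line.split()
        source_id = parse_source_id(encoded)
        if source_id in table:
            raise ValueError("duplicate SourceID in partner table")
        table[source_id] = url
    return table

def responder_for_artifact(artifact_b64, table):
    """Look up the responder for a URL-decoded artifact; None if the source is unknown."""
    raw = base64.b64decode(artifact_b64, validate=True)
    # Assumed layout (SAML 1.x type 0x0001): TypeCode(2) | SourceID(20) | AssertionHandle(20)
    if len(raw) != 42 or raw[:2] != b"\x00\x01":
        raise ValueError("not a type 0x0001 artifact")
    return table.get(raw[2:2 + SOURCE_ID_LEN])

# Constructed sample data: two partners, one delivered as hex and one as Base64.
SID_A = hashlib.sha1(b"https://source-a.example/").digest()
SID_B = hashlib.sha1(b"https://source-b.example/").digest()
SAMPLE_CONFIG = "\n".join([
    "# <encoding>:<SourceID>  <SAML responder URL>",
    f"hex:{SID_A.hex()} https://source-a.example/saml/responder",
    f"b64:{base64.b64encode(SID_B).decode()} https://source-b.example/saml/responder",
])
SAMPLE_ARTIFACT = base64.b64encode(b"\x00\x01" + SID_B + bytes(range(20))).decode()
```

Keying the table on the decoded bytes means the same partner matches whichever text encoding was used for delivery, and a value of the wrong length is rejected when the config is loaded rather than at the first failed lookup.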