OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] the value of AuthnInstant

I understand that that's what you were *told*.   I, however, don't see
flexibility in what was written in the spec (at least not what's in
now).   There doesn't appear to be any ambiguity in the wording in the
as it currently stands to me.  If there is, I'd like someone to point
where it says that the AuthnInstant is allowed to be something other
when the *authentication* of the user took place.

I certainly have no problems with an errata directed at such ambiguity.
However, I don't see it and I don't think we should have an errata for
what people said or discussed outside of the spec, especially if that
was in conflict with the current wording of the spec.

So, if there's something wrong in what's written in the spec, sure,
let's fix it. 

In any case, those who want to do an errata, I'd like to hear/see what
the proposed changes would be.


> -----Original Message-----
> From: Scott Cantor [mailto:cantor.2@osu.edu]
> Sent: Wednesday, February 13, 2008 1:38 PM
> To: Cahill, Conor P; ari.kermaier@oracle.com; 'Tom Scavo'
> Cc: 'SAML Developers'
> Subject: RE: [saml-dev] the value of AuthnInstant
> > Yes, I'm being a bit of a pain here, but that about sums up what an
> > errata would end up saying.  The spec does call out for specific
> behavior
> and
> > because some parties have ignored it in the past, we're going to add
> errata
> > that says you really need to do what the spec says.
> I asked the TC way back when what SAML required in this area for SSO
and I
> was told that it did NOT require this behavior. I don't know what else
> want me to say. You obviously don't agree with the original statement,
> that doesn't change what was said. This was years ago, probably before
> 1.0 even came out.
> So I take issue with the idea that I was ignoring anything. We did
what we
> were told was allowed, nothing more. We didn't do it because it was
> optimal
> or anything, we just weren't prepared to do more at the time.
> That to me implies that 2.0 could easily be worded differently if
> claiming it doesn't mean the same thing. I think the AC class is
> the chief part of that, because as far as I can tell that's the only
> that got added in 2.0, and we've never discussed the implications of
it in
> the TC that I recall.
> -- Scott
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: saml-dev-unsubscribe@lists.oasis-open.org
> For additional commands, e-mail: saml-dev-help@lists.oasis-open.org

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]