
security-services-comment message


Subject: [security-services-comment] Bindings/Profiles comments

I have some comments/questions on the
Bindings and Profiles for the OASIS Security Assertion Markup Language (SAML)
Committee Specification 01, 31 May 2002

I believe the section #s for the SOAP over HTTP need to be updated, namely on line [258] for authentication, on line [263] for integrity, and on line [267] for confidentiality.

Since SSL/TLS is recommended for inter-site transfer and artifact transmission, perhaps https should be
shown in the examples at lines [443] and [483].

There is also a typo on [831], extra backslash.

It might be helpful to clarify the expectations of SubjectConfirmationData and ds:KeyInfo usage for the
different ConfirmationMethods in this profile. Is it true that only holder-of-key would be expected to have a
ds:KeyInfo SubjectConfirmation element (for the assertion subject), and none would have SubjectConfirmationData?

Presumably the Bearer method would have a ds:KeyInfo element as part of the SAML response signature, but this
is separate from ConfirmationMethod.

regards, Frederick

Frederick Hirsch
Technology Architect
Nokia Mobile Phones
5 Wayside Rd., Burlington, MA 01803 USA
