
security-services-comment message



Subject: Public Comment


Comment from: pnshenoy@uncc.edu

It came to my notice while reading the Technical Overview (rev 03, posted in March) that the description provided in section 4.1.2 for "Detailed Processing for the Destination-Site First Scenario" is not proper.

It also does not match Figure 10, which it is supposed to represent. I have already compiled it and also redrew the figure to provide a correct expression of the intended case scenario.

Some points for immediate cross-checking:
<-- ISSUE 1 -->
Section 4.1.2, Step 2: The local web site performs an access check and determines that the user must be authenticated by the central site. A redirection is issued to the central site. Typically, this redirection is to the central site's Inter-site Transfer Service.
<Correction> Figure 10 shows the local web site to be www.abc.com; this is a mistake and can be confusing for readers who are reading this for the first time. Instead of local web site, you can put www.xyz.com, or for the sake of consistency use remote site. Also, there is no mention of the central site in the diagram. Is it there?

<-- ISSUE 2 -->
Section 4.1.2, Step 3: The www.abc.com SAML responder supplies back a SAML response message containing the assertion generated during step 7.
<Correction> The assertion is generated in step 6 according to your description. Is it a copy-paste error? There is no SAML responder in the diagram, although it can be understood to be an abstract backend entity doing the processing. It would be great if you showed a functional block for the SAML responder at www.abc.com.

Also, I think Figure 10 itself is incorrect and needs to be revised.

There are a couple of other corrections that I have to suggest. Although, I sincerely feel that reading these comments and revising the document will highlight the rest of the issues in the section.

These comments are based on my understanding of the SAML protocol. If the TC thinks that these comments are invalid, please inform me about it.

Thanks.

-Prasad.
