Subject: Re: SAML 2.0 Identity Provider Discover Profile
Sorry, I should have been more specific about the document in question:

sstc-saml-profiles-2.0-cd-01

Hope this helps.

On Wed, 27 Oct 2004 12:03:30 -0400, Tom Scavo <trscavo@gmail.com> wrote:
> SAML 2.0 Identity Provider Discover Profile
>
> Section 4.3 of [SAMLProf]
>
> [lines 1063--1064] Delete the phrase "when authentication of the
> principal occurs" since the common domain writing service has no
> knowledge of this event. The service is simply carrying out the
> wishes of the IdP.
>
> [line 1066] The phrases "no Path prefix" and "a Path prefix of "/""
> refer to the most specific and most general paths, respectively. Is
> this intentional, and if so, why?
>
> [lines 1066--1067] The phrase "[common-domain]" is not well defined.
> Suppose the common domain is CommonDomain.com. Then the Domain
> attribute of the cookie should be set to ".CommonDomain.com". RFC
> 2109 states that the Domain attribute "must always start with a dot."
> RFC 2965 (which obsoletes RFC 2109) states that if the Domain
> attribute "does not start with a dot, the user agent supplies a
> leading dot." It is safest, however, to explicitly include the dot.
>
> [line 1098] The common domain server does not "set the cookie" on
> behalf of the service provider. Instead, it READS the cookie and
> (presumably) returns the value in a query string parameter.
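The Domain attribute point in the quoted comments, worked through as an added example that is not part of the original message or of the SAML specification: it models how an RFC 2109 user agent and an RFC 2965 user agent treat a Domain value with and without the leading dot, and builds the header with the dot made explicit. The function names, the host names and the cookie value are constructed for illustration; `_saml_idp` is the cookie name the profile defines.

```python
def normalize_domain_attr(common_domain: str) -> str:
    """Lower-case the common domain and make the leading dot explicit."""
    d = common_domain.strip().lower()
    if not d.strip("."):
        raise ValueError("empty common domain")
    return d if d.startswith(".") else "." + d


def rfc2109_accepts(domain_attr: str) -> bool:
    """RFC 2109 user agent: reject a Domain value that does not start
    with a dot or that contains no embedded dot (for example ".com")."""
    d = domain_attr.strip().lower()
    return d.startswith(".") and "." in d[1:-1]


def rfc2965_effective(domain_attr: str) -> str:
    """RFC 2965 user agent: a missing leading dot is supplied."""
    d = domain_attr.strip().lower()
    return d if d.startswith(".") else "." + d


def domain_match(host: str, domain: str) -> bool:
    """True if host equals domain, or host is a non-empty name
    followed by the dotted domain (sp1.example.org vs .example.org)."""
    h, d = host.lower(), domain.lower()
    return h == d or (d.startswith(".") and h.endswith(d) and len(h) > len(d))


def build_set_cookie(name: str, value: str, common_domain: str, path: str = "/") -> str:
    """Set-Cookie value for the common domain cookie, dot included."""
    return f"{name}={value}; Domain={normalize_domain_attr(common_domain)}; Path={path}"


if __name__ == "__main__":
    # Constructed sample values, not taken from the message.
    for attr in ("CommonDomain.com", ".CommonDomain.com"):
        print(f"{attr!r}: RFC 2109 accepts={rfc2109_accepts(attr)}, "
              f"RFC 2965 effective={rfc2965_effective(attr)!r}")
    for host in ("sp1.commondomain.com", "notcommondomain.com"):
        print(host, domain_match(host, ".commondomain.com"))
    print(build_set_cookie("_saml_idp", "CONSTRUCTED_VALUE", "CommonDomain.com"))
```

Without the dot the cookie is rejected by a strict RFC 2109 user agent and silently rewritten by an RFC 2965 one, so only the explicit form behaves the same under both.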