security-services-comment message

Subject: Re: SAML 2.0 Identity Provider Discovery Profile


Sorry, I should have been more specific about the document in question:

sstc-saml-profiles-2.0-cd-01

Hope this helps.


On Wed, 27 Oct 2004 12:03:30 -0400, Tom Scavo <trscavo@gmail.com> wrote:
> SAML 2.0 Identity Provider Discovery Profile
> 
> Section 4.3 of [SAMLProf]
> 
> [lines 1063--1064]  Delete the phrase "when authentication of the
> principal occurs" since the common domain writing service has no
> knowledge of this event.  The service is simply carrying out the
> wishes of the IdP.
> 
> [line 1066]  The phrases "no Path prefix" and "a Path prefix of "/""
> refer to the most specific and most general paths, respectively.  Is
> this intentional, and if so, why?
> 
> [lines 1066--1067]  The phrase "[common-domain]" is not well defined.
> Suppose the common domain is CommonDomain.com.  Then the Domain
> attribute of the cookie should be set to ".CommonDomain.com".  RFC
> 2109 states that the Domain attribute "must always start with a dot."
> RFC 2965 (which obsoletes RFC 2109) states that if the Domain
> attribute "does not start with a dot, the user agent supplies a
> leading dot."  It is safest, however, to explicitly include the dot.
> 
> [line 1098]  The common domain server does not "set the cookie" on
> behalf of the service provider.  Instead, it READS the cookie and
> (presumably) returns the value in a query string parameter.
>

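As an added illustration of the cookie mechanics the message discusses (this is example code written for this archive page, not part of the original message, the SAML specification or any OASIS deliverable), here is a small Python model of the two halves of the profile: the common domain writing service, which records an IdP in the cookie with an explicit leading-dot Domain attribute and the most general Path, and the common domain reading service, which reads the cookie and hands the most recently used IdP back to the service provider in a query string parameter, as the message presumes. The cookie name `_saml_idp` and the space-separated, base64-encoded list of IdP entity IDs follow the SAML 2.0 profile; the entity IDs, the return URL, the 30-day lifetime and the `entityID` parameter name are constructed assumptions for the example.

```python
import base64
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Cookie name defined by the SAML 2.0 IdP Discovery Profile. The value is a
# space-separated list of base64-encoded IdP entity IDs, most recently used last.
COOKIE_NAME = "_saml_idp"


def normalize_domain(common_domain: str) -> str:
    """Return the Domain attribute with an explicit leading dot.

    RFC 2109 requires the dot; RFC 2965 user agents supply it when missing.
    Writing it explicitly satisfies both generations of implementations.
    """
    domain = common_domain.strip().lower()
    return domain if domain.startswith(".") else "." + domain


def encode_idp_list(entity_ids):
    """Encode entity IDs as the profile's space-separated base64 list."""
    return " ".join(base64.b64encode(e.encode("utf-8")).decode("ascii") for e in entity_ids)


def decode_idp_list(value):
    """Inverse of encode_idp_list; tolerates extra whitespace between tokens."""
    return [base64.b64decode(tok).decode("utf-8") for tok in value.split()]


def parse_cookie_header(cookie_header):
    """Minimal parser for a Cookie (or Set-Cookie) header string -> {name: value}.

    Quoted values are unwrapped; attributes such as Domain and Path simply
    appear as extra entries and are ignored by the callers below.
    """
    cookies = {}
    for part in (cookie_header or "").split(";"):
        if "=" not in part:
            continue
        name, _, value = part.strip().partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        cookies[name.strip()] = value
    return cookies


def writing_service_set_cookie(common_domain, existing_value, idp_entity_id, persistent=False):
    """Common domain writing service: return the Set-Cookie header value.

    The service knows nothing about the authentication event; it only records
    the IdP that asked it to, moving that IdP to the end of the list.
    """
    ids = decode_idp_list(existing_value) if existing_value else []
    ids = [i for i in ids if i != idp_entity_id] + [idp_entity_id]
    attrs = [
        f'{COOKIE_NAME}="{encode_idp_list(ids)}"',   # quoted: the value contains spaces
        f"Domain={normalize_domain(common_domain)}",   # explicit leading dot
        # Path=/ is the most general scope; omitting Path would default the cookie
        # to the writing service's own request path, the most specific scope.
        "Path=/",
        "Secure",                                      # cross-site state: TLS only
    ]
    if persistent:
        attrs.append(f"Max-Age={30 * 24 * 3600}")      # assumed 30-day lifetime
    return "; ".join(attrs)


def reading_service_redirect(cookie_header, return_url, param_name="entityID"):
    """Common domain reading service: read the cookie and return the SP's
    return URL with the most recently used IdP appended as a query parameter.
    The URL is returned unchanged when no discovery cookie is present."""
    value = parse_cookie_header(cookie_header).get(COOKIE_NAME)
    ids = decode_idp_list(value) if value else []
    parts = urlsplit(return_url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    if ids:
        query.append((param_name, ids[-1]))
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    # Constructed sample flow: IdP A records itself, then IdP B; the SP then asks
    # the reading service and is sent back with IdP B as the preferred choice.
    header = writing_service_set_cookie("CommonDomain.com", None, "https://idp-a.example/saml")
    value = parse_cookie_header(header)[COOKIE_NAME]
    header = writing_service_set_cookie("CommonDomain.com", value, "https://idp-b.example/saml")
    print("Set-Cookie:", header)
    value = parse_cookie_header(header)[COOKIE_NAME]
    print("Location:", reading_service_redirect(f'{COOKIE_NAME}="{value}"',
                                                "https://sp.example/return?x=1"))
```

The writing service never inspects or trusts the entity ID beyond recording it; in a deployment the writing service would still need to authenticate the IdP that asks it to update the cookie, which the profile handles outside this cookie exchange.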
