Subject: RE: [security-services-comment] Public Review comments for OASIS SAML V2.0 Change Notify Protocol v1.0
Hello,

Please see comments resolution below on each of the comments. All of the comments are accepted and corrected.

Regards
Thinh

-----Original Message-----
From: ext Martin Chapman [mailto:MARTIN.CHAPMAN@ORACLE.COM]
Sent: Tuesday, April 05, 2011 10:11 AM
To: security-services-comment@lists.oasis-open.org
Cc: OASIS Technical Advisory Board (TAB)
Subject: [security-services-comment] Public Review comments for OASIS SAML V2.0 Change Notify Protocol v1.0

http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml2-notify-protocol/v1.0/csprd01/sstc-saml2-notify-protocol-v1.0-csprd01.html

Note these comments are being made as an individual TAB member and do not necessarily represent the views of the TAB as a whole.

1. Line numbers would greatly help in making review comments!
[resolution] Corrected.

2. 1.1 Notation. "When these words are not capitalized, they are meant in their natural-language sense." This is in violation of RFC2119 which permits upper and lower case. Replace lower case keywords with non-rfc2119 language e.g. must into can. Also, sometimes the word SHALL is used instead of MUST. OASIS guidelines suggest only using MUST (http://docs.oasis-open.org/templates/TCHandbook/ConformanceGuidelines.html#_Toc170119662)
[resolution] Corrected

3. Section 2.1 required information. It is unclear to me what these headers are and what they mean. If this template is defined somewhere please add a brief description and/or a reference here.
[resolution] Corrected

4. 2.2 Description. Consistency in bolding and terms required. Sometimes Notify Issuer and Notify Target are in bold and sometimes the Notify is in normal type or missed out completely. Suggest be consistent throughout this document for all occurrences.
[resolution] Corrected

5. 2.2 Description, 2nd para. "However, except for just-in-time SSO provisioning, except for the SAML Name Identifier Management Protocol [SAML2Core]," This needs re-phrasing as there are two "excepts" here.
[resolution] Corrected

6. 2.2 Description, 2nd para, last sentence. Is this RFC2119 MAY intentional, seems out of place to me i.e. does not add any normative requirement to any conformance target.
[resolution] Corrected

7. 2.9 "The responding Notify Target of the ...", 3rd bullet, lower case the BE (SHALL be, not SHALL BE)
[resolution] Corrected

8. 4.1 same comment as point 3 above.
[resolution] Corrected

9. The appendices need to be marked as such - currently they look like normal sections.
[resolution] Corrected

10. Appendix 1, Use Cases. There are a couple of rfc2119 keywords here that seem inappropriate for a use case section (2nd item of each use case). Please rephrase without using MUST e.g. "has to acknowledge".
[resolution] Corrected

Martin Chapman
Standards Professional
Mobile: +353 87 687 6654
ORACLE Ireland
Oracle is committed to developing practices and products that help protect the environment

--
This publicly archived list offers a means to provide input to the OASIS Security Services (SAML) TC.

In order to verify user consent to the Feedback License terms and to minimize spam in the list archive, subscription is required before posting.

Subscribe: security-services-comment-subscribe@lists.oasis-open.org
Unsubscribe: security-services-comment-unsubscribe@lists.oasis-open.org
List help: security-services-comment-help@lists.oasis-open.org
List archive: http://lists.oasis-open.org/archives/security-services-comment/
Feedback License: http://www.oasis-open.org/who/ipr/feedback_license.pdf
List Guidelines: http://www.oasis-open.org/maillists/guidelines.php
Committee: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security