
security-services-comment message



Subject: RE: [security-services-comment] Public Review comments for OASIS SAML V2.0 Change Notify Protocol v1.0


Hello,

Please see the comment resolutions below on each of the comments. All of the
comments are accepted and corrected.

Regards
Thinh

-----Original Message-----
From: ext Martin Chapman [mailto:MARTIN.CHAPMAN@ORACLE.COM] 
Sent: Tuesday, April 05, 2011 10:11 AM
To: security-services-comment@lists.oasis-open.org
Cc: OASIS Technical Advisory Board (TAB)
Subject: [security-services-comment] Public Review comments for OASIS
SAML V2.0 Change Notify Protocol v1.0

http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml2-notify-protocol/v1.0/csprd01/sstc-saml2-notify-protocol-v1.0-csprd01.html

Note these comments are being made as an individual TAB member and do
not necessarily represent the views of the TAB as a whole.

1. Line numbers would greatly help in making review comments!

[resolution] Corrected.

2. 1.1 Notation. "When these words are not capitalized, they are meant
in their natural-language sense." This is in violation of RFC2119 which
permits upper and lower case. Replace lower case keywords with
non-rfc2119 language e.g. must into can. Also, sometimes the word SHALL
is used instead of MUST. OASIS guidelines suggest only using MUST
(http://docs.oasis-open.org/templates/TCHandbook/ConformanceGuidelines.html#_Toc170119662).

[resolution] Corrected

3. Section 2.1 required information. It is unclear to me what these
headers are and what they mean. If this template is defined somewhere
please add a brief description and/or a reference here.

[resolution] Corrected

4. 2.2 Description. Consistency in bolding and terms required.
Sometimes Notify Issuer and Notify Target are in bold and sometimes the
Notify is in normal type or missed out completely. Suggest being consistent
throughout this document for all occurrences.


[resolution] Corrected


5. 2.2 Description, 2nd para. "However, except for just-in-time SSO
provisioning, except for the SAML Name Identifier Management Protocol
[SAML2Core]," This needs re-phrasing as there are two "excepts" here.

[resolution] Corrected

6. 2.2 Description, 2nd para, last sentence. Is this RFC2119 MAY
intentional? It seems out of place to me, i.e. it does not add any normative
requirement to any conformance target.

[resolution] Corrected

7. 2.9 "The responding Notify Target of the ...", 3rd bullet, lower case
the BE (SHALL be, not SHALL BE)  


[resolution] Corrected

8.  4.1 same comment as point 3 above.

[resolution] Corrected

9. The appendices need to be marked as such - currently they look like
normal sections.

[resolution] Corrected

10. Appendix 1, Use Cases. There are a couple of rfc2119 keywords here
that seem inappropriate for a use case section (2nd item of each use
case). Please rephrase without using MUST e.g. "has to acknowledge".

[resolution] Corrected

Martin Chapman 
Standards Professional

Mobile: +353 87 687 6654 

ORACLE Ireland 

Oracle is committed to developing practices and products that help
protect the environment


-- 
This publicly archived list offers a means to provide input to the
OASIS Security Services (SAML) TC.

In order to verify user consent to the Feedback License terms and
to minimize spam in the list archive, subscription is required
before posting.

Subscribe: security-services-comment-subscribe@lists.oasis-open.org
Unsubscribe: security-services-comment-unsubscribe@lists.oasis-open.org
List help: security-services-comment-help@lists.oasis-open.org
List archive:
http://lists.oasis-open.org/archives/security-services-comment/
Feedback License: http://www.oasis-open.org/who/ipr/feedback_license.pdf
List Guidelines: http://www.oasis-open.org/maillists/guidelines.php
Committee:
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security


