OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: Updated Issues List (draft-sstc-saml-issues-06.doc)


Title: RE: Updated Issues List (draft-sstc-saml-issues-06.doc)
Hal - The only written response to my contribution on this topic was from Dan Ash (and that was supportive).  I did speak with Phill about it, and (I think) he felt he needed the group's explicit instruction to include it.  I have suggested text on the topic for the SubjectConfirmation section, but that text was not included in Core 15.  I am trying to figure out how best to get the "group" to instruct Phill to include it in the next draft.  Best regards.  Tim.
-----Original Message-----
From: Hal Lockhart [mailto:hal.lockhart@entegrity.com]
Sent: Thursday, August 23, 2001 2:02 PM
To: 'Tim Moses'; 'OASIS Security Services group'
Subject: RE: Updated Issues List (draft-sstc-saml-issues-06.doc)

Sorry, I just missed it. I will add it.
 
After doing a little research I am confused. At first I thought, we have a usecase for some kind of document exchange in a store and forward environment that would mandate this. I can't find one in draft-sstc-saml-reqs-01. The only thing I found is a requirement for an ebXML binding, which I suspect will require this, although I am not that familiar with ebXML. I also cannot find open of closed issues on this kind of a use case. Can anyone help me out? Does anyone from the usecase group remember if store and forward transactions are supposed to be in or out?
 
Assume the answer is "in", is this issue controversial? Personally I thought this was one of the intended uses of SubjectConfirmation. (I am having trouble following the discussion thread, because this was originaly one point among many in your comments.) Have there been any arguments against it?
 
Hal
-----Original Message-----
From: Tim Moses [mailto:tim.moses@entrust.com]
Sent: Wednesday, August 22, 2001 4:21 PM
To: 'OASIS Security Services group'
Subject: RE: Updated Issues List (draft-sstc-saml-issues-06.doc)

Hal - I do have one issue that I would like to raise.  I could offer to "champion" it, if it is appropriate.

There is a need for a subject confirmation method based on a signature over a document.  Carlisle has dubbed this "unaccompanied data".  Also, see Dan Ash's posting on the topic ...

http://lists.oasis-open.org/archives/security-services/200108/msg00029.html

Should this method be added to section 4 of Core 15?

All the best.  Tim.

-----Original Message-----
From: Hal Lockhart [mailto:hal.lockhart@entegrity.com]
Sent: Wednesday, August 22, 2001 10:51 AM
To: 'security-services@lists.oasis-open.org';
'security-editors@lists.oasis-open.org'
Subject: Updated Issues List (draft-sstc-saml-issues-06.doc)


The issues list has been updated to reflect recent discussions on the list.
Some arbitrary decisions were made about what are issues and what are merely
editorial comments. Please let me know if I have missed your issue.

The issue status report has been delayed but will be issued soon.

Hal



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC