security-services message


Subject: Re: lookup by artifact


I would like to suggest that the lookup send the entire artifact, not just the
assertion handle. This allows the lookup to be used for future artifact
implementations as well as the specified 0x0001 artifact. Since the artifact
contains the type code, the SAML processor servicing the lookup can determine
how to handle the artifact or reject it (which shouldn't happen with a
legitimate artifact that was created by the same site). I also suggest that
the artifact element be of type string with no explicit size limits, to allow
future artifacts of different sizes.

Regards,
Charles

"Mishra, Prateek" wrote:

> Hi Phil,
>
> Following the white board discussion at
> F2F#4, please add the following new element to
> <samlp:RequestType>.
>
> Proposed Changes:
> ++++++++++++++++++++++++++++++++++++++++++
>
> <element name="AssertionHandle" type="string"/>
>
> with <samlp:RequestType> modified to read:
>
> <complexType name="RequestType">
>                 <complexContent>
>                         <extension base="samlp:RequestAbstractType">
>                                 <choice>
>                                         <element name="Query"
> type="samlp:QueryAbstractType"/>
>                                         <element ref="saml:AssertionID"
> maxOccurs="unbounded"/>
>                                         <element ref="AssertionHandle"
> maxOccurs="unbounded"/>
>                                 </choice>
>                         </extension>
>                 </complexContent>
> </complexType>
>
> The following changes to text in 2.2.2 for core-16 are also proposed:
>
> The <Request> element specifies a SAML request. This may contain either a
> query, a request for one or more assertions identified by their
> AssertionIDs, or a request for one or more
> assertions identified by their AssertionHandles. AssertionHandle is an
> opaque value which is interpreted and de-referenced only by the entity that
> created the AssertionHandle.
>
> - prateek
>
begin:vcard 
n:Knouse;Charles
tel;fax:408-861-6811
tel;work:408-861-6890
x-mozilla-html:TRUE
url:www.oblix.com
org:Oblix;Engineering
adr:;;18922 Forge Drive;Cupertino;CA;95014;USA
version:2.1
email;internet:cknouse@oblix.com
title:Principal Software Engineer
fn:Charles Knouse
end:vcard
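As an added illustration of Charles's point above (this is example code written for this archive page, not code from either poster or from any SAML implementation), the following shows a lookup servicer that receives the whole artifact rather than a bare handle. It decodes the string, reads the type code, dispatches to a per-type parser, and rejects anything it does not recognise or did not create itself. The layout used for type 0x0001 is the SAML 1.0 one (2-byte TypeCode, 20-byte SourceID, 20-byte AssertionHandle, base64-encoded); the site identifier, the issued-handle table and the assertion text are constructed for the demo.

```python
import base64
import binascii
import hashlib
import struct

# Constructed for the demo: this site's 20-byte SourceID (SAML 1.0 derives it
# as the SHA-1 of the source site identifier; the identifier here is made up).
OUR_SOURCE_ID = hashlib.sha1(b"https://example.test/saml").digest()

# Constructed for the demo: handles this site has issued, mapped to assertions.
ISSUED = {}

TYPE_0001 = 0x0001
TYPE_0001_LEN = 2 + 20 + 20   # TypeCode + SourceID + AssertionHandle


def make_artifact(type_code, payload):
    """Base64-encode a type code followed by its type-specific payload."""
    return base64.b64encode(struct.pack(">H", type_code) + payload).decode("ascii")


def parse_type_0001(raw):
    """Type 0x0001: fixed 42 bytes, SourceID then AssertionHandle after the code."""
    if len(raw) != TYPE_0001_LEN:
        raise ValueError("type 0x0001 artifact must be %d bytes, got %d"
                         % (TYPE_0001_LEN, len(raw)))
    return {"source_id": raw[2:22], "handle": raw[22:42]}


# Future artifact types only need a new entry here; the lookup element itself
# stays an unbounded string, as Charles suggests.
PARSERS = {TYPE_0001: parse_type_0001}


def decode_artifact(artifact):
    """Decode the artifact string and dispatch on its type code.

    Returns (type_code, fields); raises ValueError for anything this
    processor cannot service (bad base64, no type code, unknown type).
    """
    try:
        raw = base64.b64decode(artifact, validate=True)
    except binascii.Error as exc:
        raise ValueError("artifact is not valid base64") from exc
    if len(raw) < 2:
        raise ValueError("artifact too short to carry a type code")
    type_code = struct.unpack(">H", raw[:2])[0]
    parser = PARSERS.get(type_code)
    if parser is None:
        raise ValueError("unsupported artifact type 0x%04x" % type_code)
    return type_code, parser(raw)


def service_lookup(artifact):
    """Service one lookup. Returns ("ok", assertion) or ("rejected", reason)."""
    try:
        _, fields = decode_artifact(artifact)
        # A legitimate artifact was created by this site, so a foreign
        # SourceID is rejected before the handle is ever dereferenced.
        if fields["source_id"] != OUR_SOURCE_ID:
            raise ValueError("artifact was not created by this site")
        # Design choice for the demo: a handle is dereferenced once only.
        assertion = ISSUED.pop(fields["handle"], None)
        if assertion is None:
            raise ValueError("unknown or already-dereferenced handle")
        return "ok", assertion
    except ValueError as exc:
        return "rejected", str(exc)


if __name__ == "__main__":
    handle = bytes(range(20))                       # constructed handle
    ISSUED[handle] = "<saml:Assertion>demo</saml:Assertion>"
    good = make_artifact(TYPE_0001, OUR_SOURCE_ID + handle)
    print(service_lookup(good))                     # ok, returns the assertion
    print(service_lookup(good))                     # rejected, handle already used
    print(service_lookup(make_artifact(0x0002, bytes(40))))   # rejected, unknown type
```

Because the servicer sees the type code, it can accept a new artifact format later simply by registering another parser; a lookup that carried only the 20-byte handle would have to assume the 0x0001 layout forever.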

