OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: [security-services] [XML Signature]SAML profile of XML Signature

Editorial changes.  (BTW, thanks for posting PDF not MSWord)

18-19: change to active voice, "SAML uses XML DSIG to ..."

36: "a work in progress" ?

73: Data integrity, not message?

76: "can be used to help provide" N-R.  Make it more mealy-mouthed, NR
is a bad concept to enforce cryptographically. :)  Esp since no mention
of CRL OCSP etc appears. :)

83:  See 76

90:  Add ", for example" to end of sentence.

95:  Should both parties be postive the message transport integrity
hasn't been compromised, too?

105-108 Un-indent that paragraph and make it a note.  It's good to list
examples.  Needn't be comprehensive.

126: it's an enveloped sig, no?

133: maxoccurs defaults to 1 so its redundant.  131-133 should be

139: not sure what version of XML Schema, but should timeInstant be

150,158: see 133

166: "may themselves be signed" ; add themselves

178: "applies to all of the"; add to

Perhaps instead of super-signature containing or package signature? 
Just a suggestion.

186: The first sentence should be a phrase (comma not period before the
i.e.), and seems to be missing a word or two.

190: message --> "messages, then"

201: strike "viz"

216: Add Phill's caveat (probably belongs elsewhere, too) that
assertions can only be evaluated *after the transforms*

219: "Which means" --> "For example, this means that"

Hope this helps.

Zolera Systems, Your Key to Online Integrity
Securing Web services: XML, SOAP, Dig-sig, Encryption

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC