
security-services message



Subject: RE: [security-services] proposed text for mandatory-to-implement SAML artifact



Hi Prateek,

 
A couple of comments.

 - On line 27:  where it says <SAML_artifact>, do you really mean <AssertionHandle>?

 - It might be good to distinguish between line 29 ("The following practices are RECOMMENDED...") where you mean (1) AND (2) AND (3), and line 42 ("The following techniques are RECOMMENDED:") where you seem to mean (a) OR (b).  Perhaps change line 42 to be "Either of the following techniques are RECOMMENDED:".

 - Line 45 may cause some confusion in that each value is specified to be "of size at least eight bytes", but that value, when chosen, is placed in a field of size 20 bytes (from line 18).  How does the destination site know how much of the 20 bytes is "real" value and how much is "filler"?  Either this needs to be clarified or this alternative needs to be dropped.

 - Line 47:  does "hash of a sequence of distinct values" need to be tightened up at all (e.g., "hash of a random sequence of distinct values", or "hash of an unpredictable sequence of distinct values")?  Just curious as to why the randomness of the sequence is specified in (a) but not in (b).

Carlisle.
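The two handle-construction alternatives discussed above, as an added example that is not part of this message or of the proposed specification text. It assumes the SAML 1.0 type 0x0001 artifact layout (2-byte type code, 20-byte SourceID, 20-byte AssertionHandle, base64-encoded) and a constructed source-site identifier; the destination-side parser checks lengths and type code but, as the message points out, cannot tell a padded eight-byte value from a full 20-byte one.

```python
from __future__ import annotations
import base64
import hashlib
import secrets

# Assumed SAML 1.0 type 0x0001 layout: TypeCode(2) || SourceID(20) || AssertionHandle(20)
TYPE_CODE = b"\x00\x01"
SOURCE_ID_LEN = 20
HANDLE_LEN = 20
ARTIFACT_LEN = len(TYPE_CODE) + SOURCE_ID_LEN + HANDLE_LEN  # 42 bytes

def source_id(source_site_identifier: str) -> bytes:
    """SourceID: SHA-1 of the source site's identifier (20 bytes)."""
    return hashlib.sha1(source_site_identifier.encode("utf-8")).digest()

def make_assertion_handle() -> bytes:
    """Full-entropy handle: all 20 bytes from the OS CSPRNG, so no byte is filler."""
    return secrets.token_bytes(HANDLE_LEN)

def make_padded_handle(random_part: bytes) -> bytes:
    """The questioned alternative: an 'at least eight byte' random value
    zero-padded out to the 20-byte field. Shown to illustrate the ambiguity."""
    if not 8 <= len(random_part) <= HANDLE_LEN:
        raise ValueError("random part must be between 8 and 20 bytes")
    return random_part + b"\x00" * (HANDLE_LEN - len(random_part))

def encode_artifact(src_id: bytes, handle: bytes) -> str:
    """Source-site side: build and base64-encode the artifact."""
    if len(src_id) != SOURCE_ID_LEN or len(handle) != HANDLE_LEN:
        raise ValueError("SourceID and AssertionHandle must both be 20 bytes")
    return base64.b64encode(TYPE_CODE + src_id + handle).decode("ascii")

def decode_artifact(artifact: str) -> tuple[bytes, bytes]:
    """Destination-site side: reject bad base64, wrong length or wrong type code,
    then return (SourceID, AssertionHandle). The handle is returned as the full
    20-byte field; nothing in the format says where a padded value ends."""
    raw = base64.b64decode(artifact, validate=True)
    if len(raw) != ARTIFACT_LEN:
        raise ValueError(f"artifact must decode to exactly {ARTIFACT_LEN} bytes")
    if raw[:2] != TYPE_CODE:
        raise ValueError("unsupported artifact type code")
    return raw[2:2 + SOURCE_ID_LEN], raw[2 + SOURCE_ID_LEN:]

if __name__ == "__main__":
    sid = source_id("https://idp.example.org")  # constructed identifier
    art = encode_artifact(sid, make_assertion_handle())
    print(art, decode_artifact(art)[1].hex())
```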


