Subject: [security-services] bindings07 section 3.1 comments
Here are my comments on the bindings07.

The text message describes edits by the line number of the original document. The Word document has these edits.
Section 2.1, line 116: Example: "A SAML HTTP binding describes how ... message exchanges --are-- mapped ..." I think this line sets up an expectation that an HTTP binding is defined. Since we do not define an HTTP binding, it's better either to take this sentence out or to rewrite it, saying: "A SAML HTTP binding describes how ... message exchanges --could be-- mapped ..."

Section 3.1: I've got confused about the meaning of sender and receiver as used in section 3.1. Line 253 defines sender as an entity that transmits <samlp:Request> and receiver as an entity that receives it and returns <samlp:Response>. Later, in section 3.1.2, when headers are discussed (lines 259-266), SAML sender and SAML receiver are used independently of <samlp:Request> and <samlp:Response>. I think what we want to say is that when a party is playing the role of a sender it may add arbitrary SOAP headers, and when a party is playing the role of a receiver it must not require any headers for the SOAP message.

We can define a party that is sending <samlp:Request> in a SAML conversation as 'saml requestor' and a party that is sending <samlp:Response> in a SAML conversation as 'saml responder'. Then we can say that both parties play different roles of sender or receiver depending on the state of the SAML conversation. Then we can refer to saml requestor, saml responder, sender and receiver without ambiguity.

Proposed changes to the text:

lines 253-255: Replace 'sender' with 'saml requestor' and 'receiver' with 'saml responder': "A saml requestor transmits a SAML <samlp:Request> within the body of a SOAP message to a saml responder. The saml responder processes the SAML request and returns a <samlp:Response> within the body of another SOAP message." After that, add another paragraph defining 'sender' and 'receiver': "During a SAML conversation both parties play complementary roles of saml sender or saml receiver depending on the state of the SAML conversation."

line 270: replace 'sender' with 'saml requestor': "The saml requestor MUST NOT include ..."

line 272: replace 'receiver' with 'responder': "..., the saml responder MUST return ..."

line 279: replace 'receiver' with 'responder': "The SAML responder MUST NOT include ..."

line 281: replace 'sender' with 'requestor'.

line 282: replace 'receiver' with 'responder': "On receiving a SAML response in a SOAP message, the SAML --requestor-- MUST NOT send a fault code or other error messages to the --SAML responder--"

line 288: replace 'receiver' with 'SAML responder': "If a SAML responder cannot, for some reason..."

line 295: replace 'sender' with 'saml requestor' and 'receiver' with 'saml responder': "Authentication of both --saml requestor-- and --saml responder-- is optional..."

line 321: replace 'receiver' with 'responder': "a SAML responder MUST NOT include ..."

line 326: replace 'sender' with 'requestor' and 'receiver' with 'responder': "SAML --requestor-- and SAML --responder-- MUST implement following ..." Add the following text: "From the point of view of the SSL protocol, the SAML requestor plays the role of a client, and the SAML responder plays the role of a server".

line 337: replace 'receiver' with 'responder': "SAML --responders-- MUST implement message integrity..."

line 349: replace 'receiver' with 'responder' and 'sender' with 'requestor': "A SAML --responder-- that refuses to perform a SAML message exchange with the --SAML requestor-- SHOULD return ..."
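The two-message exchange and the role model proposed above, as an added Python sketch that is not part of this message or of the bindings07 draft. It models both parties: the SAML requestor is the sender of the first SOAP message and the receiver of the second, the SAML responder the reverse. The responder never consults soap:Header (a receiver must not require any header), the requestor never answers a <samlp:Response> with a fault, and each class records its SSL role (requestor = client, responder = server). The SOAP 1.1 envelope and SAML 1.0 protocol namespaces are the standard ones; the RequestID/InResponseTo attributes, the constructed header element and the request id are illustrative assumptions, and the SOAP Fault returned for a body that carries no <samlp:Request> is an assumption about what "the saml responder MUST return" at line 272.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"          # SOAP 1.1
SAMLP_NS = "urn:oasis:names:tc:SAML:1.0:protocol"             # SAML 1.0 protocol
NS = {"soap": SOAP_NS, "samlp": SAMLP_NS}
ET.register_namespace("soap", SOAP_NS)
ET.register_namespace("samlp", SAMLP_NS)


def soap_envelope(body_child, headers=()):
    """Wrap one element in a SOAP 1.1 Envelope. A sender MAY add any headers it likes."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    if headers:
        ET.SubElement(env, f"{{{SOAP_NS}}}Header").extend(headers)
    ET.SubElement(env, f"{{{SOAP_NS}}}Body").append(body_child)
    return ET.tostring(env, encoding="unicode")


def soap_fault(code, reason):
    """SOAP 1.1 Fault with unqualified faultcode/faultstring children."""
    fault = ET.Element(f"{{{SOAP_NS}}}Fault")
    ET.SubElement(fault, "faultcode").text = f"soap:{code}"
    ET.SubElement(fault, "faultstring").text = reason
    return fault


def body_child(envelope_xml):
    """The single child of soap:Body, or None. soap:Header is deliberately never read."""
    body = ET.fromstring(envelope_xml).find("soap:Body", NS)
    children = list(body) if body is not None else []
    return children[0] if len(children) == 1 else None


class SamlRequestor:
    """Sends <samlp:Request>: sender in step 1, receiver in step 2; SSL client."""
    ssl_role = "client"

    def __init__(self, request_id, log):
        self.request_id, self.log = request_id, log

    def build_request(self, extra_headers=()):
        self.log.append(("requestor", "sender"))
        req = ET.Element(f"{{{SAMLP_NS}}}Request",
                         {"RequestID": self.request_id, "MajorVersion": "1", "MinorVersion": "0"})
        return soap_envelope(req, extra_headers)

    def consume_response(self, envelope_xml):
        """Returns the InResponseTo value, or None. Nothing is ever sent back:
        a requestor MUST NOT answer a SAML response with a fault code (line 282)."""
        self.log.append(("requestor", "receiver"))
        resp = body_child(envelope_xml)
        if resp is None or resp.tag != f"{{{SAMLP_NS}}}Response":
            return None
        return resp.get("InResponseTo")


class SamlResponder:
    """Returns <samlp:Response>: receiver in step 1, sender in step 2; SSL server."""
    ssl_role = "server"

    def __init__(self, log):
        self.log = log

    def handle(self, envelope_xml):
        self.log.append(("responder", "receiver"))
        req = body_child(envelope_xml)          # headers are ignored, never required
        self.log.append(("responder", "sender"))
        if req is None or req.tag != f"{{{SAMLP_NS}}}Request":
            # Assumed refusal behaviour: answer with a SOAP Fault instead of a SAML response.
            return soap_envelope(soap_fault("Client", "SOAP Body must carry one samlp:Request"))
        resp = ET.Element(f"{{{SAMLP_NS}}}Response",
                          {"InResponseTo": req.get("RequestID", ""),
                           "MajorVersion": "1", "MinorVersion": "0"})
        return soap_envelope(resp)


def run_exchange(with_header=True):
    """One full conversation; returns what the requestor learned and the role sequence."""
    log = []
    requestor, responder = SamlRequestor("_constructed-req-001", log), SamlResponder(log)
    headers = []
    if with_header:                              # constructed, arbitrary sender header
        trace = ET.Element("{urn:example:constructed}Trace")
        trace.text = "t-42"
        headers.append(trace)
    request_env = requestor.build_request(headers)
    response_env = responder.handle(request_env)
    return {
        "in_response_to": requestor.consume_response(response_env),
        "roles": log,
        "response_is_fault": body_child(response_env).tag == f"{{{SOAP_NS}}}Fault",
    }


def refused_exchange():
    """Responder given a body without <samlp:Request>; True if it answered with a Fault."""
    env = SamlResponder([]).handle(soap_envelope(ET.Element("{urn:example:constructed}NotSaml")))
    return body_child(env).tag == f"{{{SOAP_NS}}}Fault"


if __name__ == "__main__":
    print(run_exchange())
    print(run_exchange(with_header=False))
    print(refused_exchange())
```

Running the exchange with and without the extra header gives the same result, which is the point of the receiver rule: the responder's correctness never depends on a header being present. The role log shows each party switching between sender and receiver within one conversation while "requestor" and "responder" stay fixed, which is exactly the distinction the proposed wording draws.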