OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [security-services] 2 questions on AuthenticationQuery

Pardon the newbie questions, but I just wanted to make sure there's not a mistake in the spec. Note that I haven't gotten through all of the docs yet, so these might be covered elsewhere.  I apologize in advance if that's the case.


In section 3.3.3 (line 976) of draft-sstc-core-25, an AuthenticationQuery element is defined to contain either 0 or 1 saml:ConfirmationMethod elements (since no maxOccurs is specified). 


Q1: The section describes what the response must be if a ConfirmationMethod is specified in the request.  But it doesn't describe what happens if it is not specified.  I concluded that the response MUST contain all authentication assertions for the subject.  Is this correct? Whether or not it's correct, it would help to describe this case in the section as well.


Q2: What was the rationale for limiting AuthenticationQuery's to just one ConfirmationMethod?  The semantics of a request with multiple methods could be to return just those assertions that match any of the methods, but there wouldn't have to be a match for all of the requested methods for success.  Thus, a requester could use this as a filter to limit the assertions that get returned to those that the requester wants to support.  With the current definition, I could obviously do this by making separate AuthenticationQuery requests, but that seems inefficient.




Rob Philpott

RSA Security Inc.

The Most Trusted Name in e-Security

Tel: 781-687-7585

Mobile: 617-510-0893

Fax: 781-687-7019





This e-mail, its content and any files transmitted with it are intended solely for the addressee(s) and are PRIVILEGED and

CONFIDENTIAL. Access by any other party is unauthorized without the express prior written permission of the sender. If

you have received this e-mail in error you may not copy, disclose to any third party or use the contents, attachments or

information in any way, Please delete all copies of the e-mail and the attachment(s), if any and notify the sender.

Thank You.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC