Subject: [security-services] comments on core-25
(1) 613 should read <SubjectConfirmationData>[Optional] ... based on schema fragment shown on 621-626. Redundant lines of schema on lines 629-630 should be deleted.

(2) 996, use of ConfirmationMethod
    656, use of AuthenticationMethod

    There is some inconsistency here. My understanding in earlier versions was that the filter was built around AuthenticationMethod (otherwise why should it be specific to <AuthenticationQuery>?). My guess is that line 996 should read:

    <AuthenticationMethod>[Optional]

(3) 1516: RFC in URN refers to the RFC for CMS. I am not sure which RFC is meant here.

(4) 393: I am puzzled by the maxOccurs="unbounded" attribute for <ds:Signature>. I would have thought this to have cardinality 0 or 1 (no need for maxOccurs attribute). A close examination of Section 5.1 (1311) does not yield any justification for such a cardinality.

(5) 1316: references sections 3.3.1 and 3.5.1 are incorrect. I think 3.2.1 and 3.4.1 are meant here instead. As in (4) above, I do not understand why we need multiple signatures.

(6) 1340: Replace 2.1 by 5.1

(7) formatting issues in lines 1295, 1304

    I believe these lines should be indented as they are giving some details for the bullet above.

(8) add to line 1298:

    The message integrity of assertions must also be guaranteed by use of appropriate technology.

    add to line 1304:

    The message integrity of requests and responses must also be guaranteed by use of appropriate technology.

(9) replace line 1348 by:

    SAML processors MUST use enveloped signatures for signing assertions and protocols. SAML processors SHOULD use RSA signing for public key signatures.

(10) 1317: Remove informal parenthetical remark from section heading.