Subject: RE: [security-services] Comment on core-25 sec 2.4.3.2
I remain concerned about the semantics of this element. I feel it has not been thought through in the SAML context but perhaps imported from some specific or proprietary implementation that may be of interest to a few individuals. Hence, I would request a vote concerning its inclusion in SAML. I have raised similar questions before but I do not feel they have been adequately answered [1].

The idea of conveying a URI which acts as some kind of address for a SAML responder seems sensible (the so-called "Binding" URI). I don't see this as a "must-have" in SAML 1.0 but accept that it is a reasonable notion.

But what is meant by the notion of "AuthorityKindType"? It seems misplaced in that a different question needs to be answered first: what type of service is implemented at the "Binding" URI? We have defined three request-response pairs in the specification --- which one of them is implemented at the "Binding" URI? All three? Only one of the three? Once this question is answered, we can perhaps further constrain the service by describing the types of statements in assertions returned by the particular service.

[1] http://lists.oasis-open.org/archives/security-services/200112/msg00093.html

= prateek

-----Original Message-----
From: Scott Cantor
To: SAML
Sent: 1/18/02 12:54 PM
Subject: [security-services] Comment on core-25 sec 2.4.3.2

Section 2.4.3.2, the description of the AuthorityBinding element (proposed by Simon G):

The element itself is optional, but within it, both attributes are required (as in the schema), so delete the [Optional] or replace with [Required] on lines 681 and 683.

Also I'd propose replacing the description in lines 679-80 with:

"The <AuthorityBinding> element specifies a SAML authority which can provide additional assertions about the subject, identifies the type of that authority, and points to its location (via a URI)."

(Q: Should the description specify that the authority will respond to the SAML SOAP binding, or should it be left unspecified and application-dependent?)

-- Scott