
security-services message



Subject: RE: [security-services] Comment on core-25 sec 2.4.3.2


 I remain concerned about the semantics of this element. I feel it
has not been thought through in the SAML context but perhaps imported
from some specific or proprietary implementation that may be of
interest to a few individuals. Hence, I would request a vote concerning its 
inclusion in SAML. I have raised similar questions before but I do
not feel they have been adequately answered [1].

The idea of conveying a URI which acts as some kind of address for a SAML
responder seems sensible (the so-called "Binding" URI). I don't see this
as a "must-have" in SAML 1.0 but accept that it is a reasonable notion.

But what is meant by the notion of "AuthorityKindType"?
It seems misplaced in that a different question needs to be answered
first: what type of service is implemented at the "Binding" URI?

We have defined three request-response pairs in the specification ---
which one of them is implemented at the "Binding" URI? All three? Only one
of the three?

Once this question is answered, we can perhaps further constrain the
service by describing the types of statements in assertions
returned by the particular service. 


[1] http://lists.oasis-open.org/archives/security-services/200112/msg00093.html

= prateek

-----Original Message-----
From: Scott Cantor
To: SAML
Sent: 1/18/02 12:54 PM
Subject: [security-services] Comment on core-25 sec 2.4.3.2


Section 2.4.3.2, the description of the AuthorityBinding element
(proposed by Simon G):

The element itself is optional, but within it, both attributes are
required (as in the schema), so delete the [Optional] or replace with
[Required] on lines 681 and 683.

Also I'd propose replacing the description in lines 679-80 with:

"The <AuthorityBinding> element specifies a SAML authority which can
provide additional assertions about the subject, identifies the type of
that authority, and points to its location (via a URI)."

(Q: Should the description specify that the authority will respond to
the SAML SOAP binding, or should it be left unspecified and
application-dependent?)

-- Scott

