[security-services] comment/question on version info definition

["Philpott, Robert" <rphilpott@rsasecurity.com>]

Line 1229: What does it mean to call this "SAML Protocol 1.0"? 

1. Requests and Responses each have Major/Minor version info attributes, which implies that, in theory, they could be upgraded independently (I didn't see where this is explicitly prohibited).  If so, Line 1228-1229 should be explicit: "This document defines SAML Assertions 1.0, SAML Request Protocol 1.0, and SAML Response Protocol 1.0".
2. If the intent is to keep the request and response protocols synchronized with a single SAML protocol version (separate from the assertion version), then the RequestAbstractType type (3.2.1) and the ResponseAbstractType type (3.4.1) should replace the MajorVersion and MinorVersion attributes with a new <ProtocolVersionInfo> element defined something like:

<element name="ProtocolVersionInfo" type="samlp:ProtocolVersionInfoType"/>

<complexType name="ProtocolVersionInfoType">

   <attribute name="MajorVersion" type="integer" use="required"/>

   <attribute name="MinorVersion" type="integer" use="required"/>

</complexType>

3. If the intent is to keep the version info synchronized for assertions, request protocol, and response protocol, then we could use the following in the <assertion> element (2.3.3) and the request/response abstract types could include the <VersionInfo> element:

<element name="VersionInfo" type="saml: VersionInfoType"/>

<complexType name="VersionInfoType">

   <attribute name="MajorVersion" type="integer" use="required"/>

   <attribute name="MinorVersion" type="integer" use="required"/>

</complexType>

 

 

Rob Philpott

RSA Security Inc.

The Most Trusted Name in e-Security

Tel: 781-687-7585

Mobile: 617-510-0893

Fax: 781-687-7019

mailto:rphilpott@rsasecurity.com