[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [security-services] revised conformance spec
Hi Bob, Some comments on conform-spec-10; I didn't look at the test cases, but some of them might be affected by suggestions I make below: - The footer was explicitly set to -08 and the (static) then-current date a while back; you'll need to change both each time you publish. - I note that the required/optional elements language is still in there (lines 140-144, 159-160, 172-186, and elsewhere), even though I'm quite sure we agreed to change this at least a couple of times. I think what we want is a statement that any SAML-consuming implementation must handle all *valid* SAML elements (including ones that are optional according to the schema) in a conforming fashion, but that SAML-producing implementations need not produce *optional* SAML elements. - In the other specs, I believe "requestor" has consistently been spelled "requester", and "artefact" has been spelled "artifact". - Line 215 contains a phantom section head that should be deleted. - It would be nice to give an italic example of an implementation that functions as a producer (e.g., an authentication authority) and not a consumer. - Even though I guess I contributed to the change of direction for this document :-), I have to admit that I'm not sure I understand how Table 1 works as it currently stands. Here's what I have been picturing (could be done as a table too, but this was easier in email): ================= SAML Protocol [] SOAP-over-HTTP binding [] (eventually we'll have more here) [] Additional non-standard bindings: _______________ [] Requester (produces and sends a request) - Queries produced (i.e., statement types requested): [] AuthN [] AuthZ (i.e., I'm a PEP) [] Attrib - Other information (don't know what else this might include) [] Responder (returns a response; a "SAML authority") - Query types answered (i.e., statement types provided; "authority type"): [] AuthN [] AuthZ [] Attrib - Other information (don't know what else this might include) SAML Profiles [] Browser/artifact profile [] Consumer (receives artifact, requests/receives SSO assertion) [] Producer (returns SSO assertion) - Other information (don't know what else this might include) [] Browser/POST profile [] Producer (sends SSO assertion) [] Consumer (receives SSO assertion) - Other information (don't know what else this might include) [] SOAP profile [] Sender [] Uses SenderVouches format [] Uses HolderOfKey format [] Receiver [] Supports SenderVouches format [] Supports HolderOfKey format - Other information (don't know what else this might include) ================= Eve At 10:32 AM 1/31/02 -0500, Robert Griffin wrote: >hi - > >i've attached a revised conformance spec, containing a new section 2.5 >that stipulates that for any element in the schema that specifies an >"unbounded" max value (included in table in conform spec), any conforming >application or implementation must support a max value of at least 1000 >(pretty arbitrary value, i know...). > >i didn't modify test cases; i think the stipulation is reasonably covered >by the pass/fail criteria in the current test case descriptions, which >call out support for all required elements of assertions, requests and >responses. > >comments/corrections? > >bob -- Eve Maler +1 781 442 3190 Sun Microsystems XML Technology Center eve.maler @ sun.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC