Subject: RE: [security-services] Changes for Core 26
I think there might be a simple syntactic rule.

All the URIs that use case insensitive matching on the DNS portion are of the form method://dns/rest

so it is pretty easy to write a FSR for

scheme://case-insensitive/sensitive | scheme:case-sensitive

Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227

> -----Original Message-----
> From: Stephen Farrell [mailto:stephen.farrell@baltimore.ie]
> Sent: Tuesday, February 12, 2002 6:14 AM
> To: Eve L. Maler
> Cc: security-services@lists.oasis-open.org
> Subject: Re: [security-services] Changes for Core 26
>
> All,
>
> > It would be extremely weird to
> > allow both of the following (and the infinite number of variations) as
> > "the" action namespace:
> >
> > http://www.oasis-open.org/committees/security/docs/draft-sstc-core-25/rwedc
> > http://www.oasis-open.ORG/committees/security/../security/docs/draft-sstc-core-25/rwedc
>
> I agree.
>
> I guess saml could reasonably have a general URI rule
> (full-string-case-sensitive-comparison) with exceptions for defined
> cases like resource URLs.
> For resource URLs we could use the 2396 based matching and make note of
> the problem with case sensitivity of the "pathname" part of the URL.
> I think all saml processors then have to treat all resource URIs as
> URLs though, right?
>
> It may well be the case that most other mis-compares of URIs just result
> in DoS (which wouldn't justify 2396 levels of flexibility IMO). Are there
> any other real cases where the default rule wouldn't be enough?
>
> If not, should the -26 version include text like that I proposed, but
> applying only to resource URIs? (see [1], thing #3)
>
> Stephen.
>
> [1] http://lists.oasis-open.org/archives/security-services/200202/msg00063.html

--
____________________________________________________________
Stephen Farrell
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,       fax: +353 1 881 7000
Dublin 8.                 mailto:stephen.farrell@baltimore.ie
Ireland                   http://www.baltimore.com
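
Added example, not part of the original message or of any SAML implementation: the syntactic rule proposed in the reply (scheme://case-insensitive/sensitive | scheme:case-sensitive) written in Python beside the full-string case-sensitive default from the quoted text. The function names are hypothetical, the host-case and path-case variants are constructed, and lowercasing the scheme is an assumption taken from RFC 2396.

```python
import re

# scheme://authority/rest : only the authority's host part ignores case.
_HIER = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*)://([^/?#]*)(.*)$", re.S)
# scheme:rest : everything after the scheme is case-sensitive.
_OPAQUE = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*):(.*)$", re.S)


def comparison_key(uri):
    """Reduce a URI to the tuple that the proposed rule compares."""
    m = _HIER.match(uri)
    if m:
        scheme, authority, rest = m.groups()
        # Userinfo before '@' stays case-sensitive; host[:port] does not.
        userinfo, at, hostport = authority.rpartition("@")
        return (scheme.lower(), userinfo + at + hostport.lower(), rest)
    m = _OPAQUE.match(uri)
    if m:
        return (m.group(1).lower(), None, m.group(2))
    return (None, None, uri)  # no scheme found: compare verbatim


def strict_equal(a, b):
    """Full-string case-sensitive comparison (the general rule in the thread)."""
    return a == b


def rule_equal(a, b):
    """Comparison under the scheme://case-insensitive/sensitive rule."""
    return comparison_key(a) == comparison_key(b)


# The two URIs quoted in the thread, plus constructed variants.
BASE = "http://www.oasis-open.org/committees/security/docs/draft-sstc-core-25/rwedc"
DOTS = "http://www.oasis-open.ORG/committees/security/../security/docs/draft-sstc-core-25/rwedc"
HOST_CASE = BASE.replace("oasis-open.org", "oasis-open.ORG")  # constructed
PATH_CASE = BASE.replace("/docs/", "/Docs/")                  # constructed

if __name__ == "__main__":
    for other in (HOST_CASE, PATH_CASE, DOTS):
        print(strict_equal(BASE, other), rule_equal(BASE, other), other)
```

Only the host-case variant becomes equal under the rule. The second URI from the thread still mis-compares because the rule is purely syntactic and does not collapse `..` path segments.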