Subject: Re: [security-services] Changes for Core 26
":80" ?

"Hallam-Baker, Phillip" wrote:
>
> I think there might be a simple syntactic rule.
>
> All the URIs that use case insensitive matching on the DNS portion are of
> the form method://dns/rest
>
> so it is pretty easy to write a FSR for
>
> scheme://case-insensitive/sensitive
> |
> scheme:case-sensitive
>
> Phillip Hallam-Baker FBCS C.Eng.
> Principal Scientist
> VeriSign Inc.
> pbaker@verisign.com
> 781 245 6996 x227
>
> > -----Original Message-----
> > From: Stephen Farrell [mailto:stephen.farrell@baltimore.ie]
> > Sent: Tuesday, February 12, 2002 6:14 AM
> > To: Eve L. Maler
> > Cc: security-services@lists.oasis-open.org
> > Subject: Re: [security-services] Changes for Core 26
> >
> >
> > All,
> >
> > > It would be extremely weird to
> > > allow both of the following (and the infinite number of variations) as
> > > "the" action namespace:
> > >
> > > http://www.oasis-open.org/committees/security/docs/draft-sstc-core-25/rwedc
> > > http://www.oasis-open.ORG/committees/security/../security/docs/draft-sstc-core-25/rwedc
> >
> > I agree.
> >
> > I guess saml could reasonably have a general URI rule
> > (full-string-case-sensitive-comparison) with exceptions for defined
> > cases like resource URLs.
> > For resource URLs we could use the 2396 based matching and make note of
> > the problem with case sensitivity of the "pathname" part of the URL.
> > I think all saml processors then have to treat all resource URIs as
> > URLs though, right?
> >
> > It may well be the case that most other mis-compares of URIs just result
> > in DoS (which wouldn't justify 2396 levels of flexibility IMO). Are there
> > any other real cases where the default rule wouldn't be enough?
> >
> > If not, should the -26 version include text like that I proposed, but
> > applying only to resource URIs? (see [1], thing #3)
> >
> > Stephen.
> >
> > [1] http://lists.oasis-open.org/archives/security-services/200202/msg00063.html
>
> --
> ____________________________________________________________
> Stephen Farrell
> Baltimore Technologies,   tel: (direct line) +353 1 881 6716
> 39 Parkgate Street,                     fax: +353 1 881 7000
> Dublin 8.                mailto:stephen.farrell@baltimore.ie
> Ireland                             http://www.baltimore.com
>
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>

--
____________________________________________________________
Stephen Farrell
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,                     fax: +353 1 881 7000
Dublin 8.                mailto:stephen.farrell@baltimore.ie
Ireland                             http://www.baltimore.com
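
An added example, not part of the original thread: it sets the quoted `scheme://case-insensitive/sensitive` rule beside a comparison that also drops a default port and resolves `..` segments, using the two URLs from the thread. The function names, the `:80` variant, the default-port table and the restriction to DNS-name hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}  # assumption: only these defaults are known

# A and B are the two URLs from the thread; C is a constructed ":80" variant of A.
A = "http://www.oasis-open.org/committees/security/docs/draft-sstc-core-25/rwedc"
B = "http://www.oasis-open.ORG/committees/security/../security/docs/draft-sstc-core-25/rwedc"
C = "http://www.oasis-open.org:80/committees/security/docs/draft-sstc-core-25/rwedc"

def syntactic_match(a, b):
    """scheme://case-insensitive/sensitive | scheme:case-sensitive"""
    def split(uri):
        scheme, sep, rest = uri.partition("://")
        if not sep:
            return None                       # scheme:opaque form
        authority, slash, tail = rest.partition("/")
        # Simplification: the whole authority is lowercased, not just the host.
        return (scheme + sep + authority).lower(), slash + tail
    sa, sb = split(a), split(b)
    if sa is None or sb is None:
        return a == b                         # full-string, case-sensitive
    return sa == sb

def remove_dot_segments(path):
    out = []
    for seg in path.split("/"):
        if seg == "..":
            if len(out) > 1:                  # never climb above the root
                out.pop()
        elif seg != ".":
            out.append(seg)
    if path.endswith(("/.", "/..")):
        out.append("")                        # keep the trailing slash
    return "/".join(out)

def normalize(uri):
    """Lowercase scheme and host, drop a default port, resolve dot segments."""
    p = urlsplit(uri)
    if not p.netloc:
        return uri                            # opaque URI: left untouched
    scheme = p.scheme.lower()
    userinfo, at, _ = p.netloc.rpartition("@")  # userinfo stays case-sensitive
    host = p.hostname or ""                      # urlsplit lowercases the host
    if p.port is not None and p.port != DEFAULT_PORTS.get(scheme):
        host = f"{host}:{p.port}"
    path = remove_dot_segments(p.path) or "/"
    return urlunsplit((scheme, userinfo + at + host, path, p.query, p.fragment))

def normalized_match(a, b):
    return normalize(a) == normalize(b)
```

The syntactic rule alone treats A, B and C as three different namespaces; only the normalizing comparison equates them, and it still keeps the path case-sensitive.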