[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [security-services] Proposed checklist for "three-company"certification
At 05:30 PM 2/12/02 -0500, Scott Cantor wrote:
> > To meet the OASIS requirement, I think we will need to list
> > three companies for each of the following line items:
> >
> > Requester of AuthN by means of SOAP-over-HTTP binding
> > Requester of AuthZ by means of SOAP-over-HTTP binding
> > Requester of Attrib by means of SOAP-over-HTTP binding
>
>My only question regarding evaluating compliance this way is what the
>obligations of a requester are with respect to understanding a Response
>containing the different kinds of statements.
>
>If I claim the latter function (sending an AttributeRequest), what must
>I be able to do with the response? Need anything be said at all, given
>that the requester is the RP and is free to drop it in the bit bucket?
I believe nothing need be said. It has to produce properly formed requests
and that's all.
Eve
--
Eve Maler +1 781 442 3190
Sun Microsystems XML Technology Center eve.maler @ sun.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC