[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [security-services] underspecified behavior for AuthenticationQuery ?
Emily, The general rule is that unless there is a "real error", a success status is returned with no assertions. >> >>Scenario #1: The responder couldn't find the assertion >>matching the AsertionID >>12345 because it's not in the responder's assertion store, or >>the assertion was >>issued for a site different than the requester. >> Response: Success, No assertions. >>Scenario #2: The responder found the assertion. But the >>assertion is expired >>(time is not in the period between NotBefore and NotOnOrAfter >>in Conditions). >> Response: (1) Success, No Assertion (2) Success, Assertion included In this case, either response is acceptable though my guess is that most implementations will prefer (1). >>For these two scenarios, do they qualify for an error, or >>should we return >>success and an optional <statusMessage> to list the reason? >> A <StatusMessage> is a good idea (especially for debugging) but it is not required. >>> >>> ---------------------------------------------------------------- >>> To subscribe or unsubscribe from this elist use the subscription >>> manager: <http://lists.oasis-open.org/ob/adm.pl> >> >> >>---------------------------------------------------------------- >>To subscribe or unsubscribe from this elist use the subscription >>manager: <http://lists.oasis-open.org/ob/adm.pl> >>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC