[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [security-services] underspecified behavior for AuthenticationQuery ?
Emily,
The general rule is that unless there is a "real error", a success status
is returned with no assertions.
>>
>>Scenario #1: The responder couldn't find the assertion
>>matching the AsertionID
>>12345 because it's not in the responder's assertion store, or
>>the assertion was
>>issued for a site different than the requester.
>>
Response: Success, No assertions.
>>Scenario #2: The responder found the assertion. But the
>>assertion is expired
>>(time is not in the period between NotBefore and NotOnOrAfter
>>in Conditions).
>>
Response: (1) Success, No Assertion
(2) Success, Assertion included
In this case, either response is acceptable though my guess is that most
implementations will prefer (1).
>>For these two scenarios, do they qualify for an error, or
>>should we return
>>success and an optional <statusMessage> to list the reason?
>>
A <StatusMessage> is a good idea (especially for debugging) but
it is not required.
>>>
>>> ----------------------------------------------------------------
>>> To subscribe or unsubscribe from this elist use the subscription
>>> manager: <http://lists.oasis-open.org/ob/adm.pl>
>>
>>
>>----------------------------------------------------------------
>>To subscribe or unsubscribe from this elist use the subscription
>>manager: <http://lists.oasis-open.org/ob/adm.pl>
>>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC