[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [security-services] underspecified behavior for AuthenticationQuery ?
Thanks, Prateek. The explanations make sense. I agree with you that we should add this general rule to the appropriate sections. Thanks, Emily > Content-return: allowed > Date: Tue, 26 Feb 2002 15:59:49 -0500 > From: "Mishra, Prateek" <pmishra@netegrity.com> > Subject: RE: [security-services] underspecified behavior for Authenticatio nQuery ? > To: "'Emily Xu'" <Emily.Xu@sun.com>, security-services@lists.oasis-open.org > List-Owner: <mailto:security-services-help@lists.oasis-open.org> > List-Post: <mailto:security-services@lists.oasis-open.org> > List-Subscribe: <http://lists.oasis-open.org/ob/adm.pl>, <mailto:security-services-request@lists.oasis-open.org?body=subscribe> > List-Unsubscribe: <http://lists.oasis-open.org/ob/adm.pl>, <mailto:security-services-request@lists.oasis-open.org?body=unsubscribe> > List-Archive: <http://lists.oasis-open.org/archives/security-services> > List-Help: <http://lists.oasis-open.org/elists/admin.shtml>, <mailto:security-services-request@lists.oasis-open.org?body=help> > List-Id: <security-services.lists.oasis-open.org> > > Emily, > > > The general rule is that unless there is a "real error", a success status > is returned with no assertions. > > > >> > >>Scenario #1: The responder couldn't find the assertion > >>matching the AsertionID > >>12345 because it's not in the responder's assertion store, or > >>the assertion was > >>issued for a site different than the requester. > >> > > Response: Success, No assertions. > > >>Scenario #2: The responder found the assertion. But the > >>assertion is expired > >>(time is not in the period between NotBefore and NotOnOrAfter > >>in Conditions). > >> > > Response: (1) Success, No Assertion > (2) Success, Assertion included > > In this case, either response is acceptable though my guess is that most > implementations will prefer (1). > > >>For these two scenarios, do they qualify for an error, or > >>should we return > >>success and an optional <statusMessage> to list the reason? > >> > > A <StatusMessage> is a good idea (especially for debugging) but > it is not required. > > >>> > >>> ---------------------------------------------------------------- > >>> To subscribe or unsubscribe from this elist use the subscription > >>> manager: <http://lists.oasis-open.org/ob/adm.pl> > >> > >> > >>---------------------------------------------------------------- > >>To subscribe or unsubscribe from this elist use the subscription > >>manager: <http://lists.oasis-open.org/ob/adm.pl> > >> > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC