OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [security-services] underspecified behavior for AuthenticationQuery ?

Thanks, Prateek. The explanations make sense. I agree with you that we should 
add this general rule to the appropriate sections.

Thanks,
Emily

> Content-return: allowed
> Date: Tue, 26 Feb 2002 15:59:49 -0500
> From: "Mishra, Prateek" <pmishra@netegrity.com>
> Subject: RE: [security-services] underspecified behavior for Authenticatio 
nQuery ?
> To: "'Emily Xu'" <Emily.Xu@sun.com>, security-services@lists.oasis-open.org
> List-Owner: <mailto:security-services-help@lists.oasis-open.org>
> List-Post: <mailto:security-services@lists.oasis-open.org>
> List-Subscribe: <http://lists.oasis-open.org/ob/adm.pl>, 
<mailto:security-services-request@lists.oasis-open.org?body=subscribe>
> List-Unsubscribe: <http://lists.oasis-open.org/ob/adm.pl>, 
<mailto:security-services-request@lists.oasis-open.org?body=unsubscribe>
> List-Archive: <http://lists.oasis-open.org/archives/security-services>
> List-Help: <http://lists.oasis-open.org/elists/admin.shtml>, 
<mailto:security-services-request@lists.oasis-open.org?body=help>
> List-Id: <security-services.lists.oasis-open.org>
> 
> Emily,
> 
> 
> The general rule is that unless there is a "real error", a success status
> is returned with no assertions.
> 
> 
> >>
> >>Scenario #1: The responder couldn't find the assertion 
> >>matching the AsertionID 
> >>12345 because it's not in the responder's assertion store, or 
> >>the assertion was 
> >>issued for a site different than the requester.
> >>
> 
> Response: Success, No assertions.
> 
> >>Scenario #2: The responder found the assertion. But the 
> >>assertion is expired 
> >>(time is not in the period between NotBefore and NotOnOrAfter 
> >>in Conditions).
> >>
> 
> Response: (1) Success, No Assertion
>            (2) Success, Assertion included
> 
> In this case, either response is acceptable though my guess is that most
> implementations will prefer (1).
> 
> >>For these two scenarios, do they qualify for an error, or 
> >>should we return 
> >>success and an optional <statusMessage> to list the reason?
> >>
> 
> A <StatusMessage> is a good idea (especially for debugging) but 
> it is not required.
> 
> >>> 
> >>> ----------------------------------------------------------------
> >>> To subscribe or unsubscribe from this elist use the subscription
> >>> manager: <http://lists.oasis-open.org/ob/adm.pl>
> >>
> >>
> >>----------------------------------------------------------------
> >>To subscribe or unsubscribe from this elist use the subscription
> >>manager: <http://lists.oasis-open.org/ob/adm.pl>
> >>
> 
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC