[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [security-services] underspecified behavior for AuthenticationQuery ?
> >> > >>Scenario #1: The responder couldn't find the assertion > >>matching the AsertionID > >>12345 because it's not in the responder's assertion store, or > >>the assertion was > >>issued for a site different than the requester. > >> > > Response: Success, No assertions. > But in binding-11 spec, line 519-521, it says "The source site MUST return an error code if it receives a <samlp:Request> message from an authenticated destination site X containing an artifact issued by the source site to some other destination site Y, where X <> Y." I feel we should treat a Request with AssertionID the same as a Request with Artifact if that AssertionID is associated with an Assertion that is issued for a specific site only. Can we safely say X <> Y is a real error therefore an error code should be returned instead of Success? Thanks, Emily
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC