OASIS Mailing List Archives

security-services message


Subject: RE: [security-services] underspecified behavior for AuthenticationQuery ?

> >>
> >>Scenario #1: The responder couldn't find the assertion matching the
> >>AssertionID 12345 because it's not in the responder's assertion store, or
> >>the assertion was issued for a site different than the requester.
> >>
> Response: Success, No assertions.

But in the binding-11 spec, lines 519-521, it says

"The source site MUST return an error code if it receives a <samlp:Request> 
message from an authenticated destination site X containing an artifact issued 
by the source site to some other destination site Y, where X <> Y."

I feel we should treat a Request with AssertionID the same as a Request with 
Artifact if that AssertionID is associated with an Assertion that is issued for 
a specific site only. Can we safely say X <> Y is a real error, and therefore an 
error code should be returned instead of Success?

