OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [security-services] ISSUE: Form of a response when the request ismissing/malformed

> I am assuming that the correct SAML status code to use when a 
> request is badly malformed (or is simply missing from the SOAP
> is "Sender"; that is, there has been an error "in the sender or in the
> request".

I assume so (modulo the suggested change to "Requester" from "Sender".

> But what should the InResponseTo attribute on the response be, if the 
> request didn't, say, even have an ID or any innards at all?

I think it's a safe bet that InResponseTo will be made optional, because
converting the POST profile to use Response requires either that or
using a dummy value. In light of that, making it optional solves both

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC