OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: [security-services] New (minor) Issue: AuthNMethod,not Confi rmationMethod in AuthNQuery


 
This issue first surfaced in:

http://lists.oasis-open.org/archives/security-services/200201/msg00147.html

wherein it was pointed out that:

>(2) 
 
 
>996, use of ConfirmationMethod
>656, use of AuthenticationMethod
 
>There is some inconsistency here. My understanding
>in earlier versions was that the filter was built around
>AuthenticationMethod (otherwise why should it be
>specific to <AuthenticationQuery>?). My guess is
>that line 996 should read:

><AuthenticationMethod>[Optional]


In

http://lists.oasis-open.org/archives/security-services/200202/msg00002.html

I further noted:

>First, I have noted in 
>
>http://lists.oasis-open.org/archives/security-services/200201/msg00262.html
>
>That we have a problem with the occurrence of <saml:ConfirmationMethod> on
>line 996. My belief is that this 
>element should be an (optional) <AuthenticationMethod> element.
>This is consistent with notes from F2F#3 wherein this field
>was called Authntype.

>http://www.oasis-open.org/committees/security/minutes/SSTC-F2F-3-Notes-Hodg
e
s-WhiteboardTranscription.pdf



In other words, the F2F-3 notes clearly indicate that the  query is against
AuthenticationMethod and not ConfirmationMethod. Unfortunately, I do not
have the latest draft at hand, so I will re-issue the proposed change with
the correct line numbers tomorrow.

- prateek 


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC