[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [security-services] New (minor) Issue: AuthNMethod,not Confi rmationMethod in AuthNQuery
This issue first surfaced in: http://lists.oasis-open.org/archives/security-services/200201/msg00147.html wherein it was pointed out that: >(2) >996, use of ConfirmationMethod >656, use of AuthenticationMethod >There is some inconsistency here. My understanding >in earlier versions was that the filter was built around >AuthenticationMethod (otherwise why should it be >specific to <AuthenticationQuery>?). My guess is >that line 996 should read: ><AuthenticationMethod>[Optional] In http://lists.oasis-open.org/archives/security-services/200202/msg00002.html I further noted: >First, I have noted in > >http://lists.oasis-open.org/archives/security-services/200201/msg00262.html > >That we have a problem with the occurrence of <saml:ConfirmationMethod> on >line 996. My belief is that this >element should be an (optional) <AuthenticationMethod> element. >This is consistent with notes from F2F#3 wherein this field >was called Authntype. >http://www.oasis-open.org/committees/security/minutes/SSTC-F2F-3-Notes-Hodg e s-WhiteboardTranscription.pdf In other words, the F2F-3 notes clearly indicate that the query is against AuthenticationMethod and not ConfirmationMethod. Unfortunately, I do not have the latest draft at hand, so I will re-issue the proposed change with the correct line numbers tomorrow. - prateek
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC