[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [security-services] comments on bindings-model-14
Yes I see the same issues with section numbering. Also, while we're on formatting issues, the indentation in lines 132-149 is messed up. -Allen > -----Original Message----- > From: Jeff Hodges [mailto:Jeff.Hodges@sun.com] > Sent: Monday, April 08, 2002 12:20 PM > To: oasis sstc > Subject: [security-services] comments on bindings-model-14 > > > Prateek -- thanks for getting that out. > > Two quick editorial comments.. > > 1. altho the sections are numbered in the TOC, sections are > unnumbered in the > document body. A Word problem? Anyone else see this or is it just me? > > > 2. wrt "Confirmation Method Identifiers" section > > It's lacking introduction text. I suggest we leverage the > text Hal wrote that > appeared in core-28... > > --------------------------------------- > > <SubjectConfirmationMethod> is a part of the > <SubjectConfirmation>, which is > used to allow the Relying Party to confirm that the request > or message came > from the System Entity that corresponds to the Subject in the > statement. The > <SubjectConfirmationMethod> indicates the method which the > Relying Party can > use to do this in the future. This may or may not have any > relationship to an > authentication that was performed previously. Unlike the > Authentication Method, > the <SubjectConfirmationMethod> will usually be accompanied > with some piece of > information, such as a certificate or key, which will allow > the Relying Party > to perform the necessary check. > > There are many <SubjectConfirmationMethod>, because there are > many different > SAML usage scenarios. A few examples are: > > 1. A user logs in with a password, but a temporary passcode > or cookie is issued > for confirmation purposes to avoid repeated exposure of the > long term password. > > 2. There is no login, but an application request is digitally > signed. The > associated public key is used for confirmation. > > --------------------------------------- > > It needs at least a reference to [SAMLCore] in the first > sentence, and perhaps > the first example needs redo because we don't have a password > confirmation > method at this point. > > I'd change the first "many" in the second paragraph to > "several", and "few" to > "couple" as appropriate. > > > JeffH > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC