security-services message



Subject: RE: [security-services] comments on bindings-model-14


Yes I see the same issues with section numbering. Also, while we're on
formatting issues, the indentation in lines 132-149 is messed up.

-Allen

> -----Original Message-----
> From: Jeff Hodges [mailto:Jeff.Hodges@sun.com]
> Sent: Monday, April 08, 2002 12:20 PM
> To: oasis sstc
> Subject: [security-services] comments on bindings-model-14
>
>
> Prateek -- thanks for getting that out.
>
> Two quick editorial comments..
>
> 1. altho the sections are numbered in the TOC, sections are unnumbered in the
> document body. A Word problem? Anyone else see this or is it just me?
>
>
> 2. wrt "Confirmation Method Identifiers" section
>
> It's lacking introduction text. I suggest we leverage the text Hal wrote that
> appeared in core-28...
>
>                   ---------------------------------------
>
> <SubjectConfirmationMethod> is a part of the <SubjectConfirmation>, which is
> used to allow the Relying Party to confirm that the request or message came
> from the System Entity that corresponds to the Subject in the statement. The
> <SubjectConfirmationMethod> indicates the method which the Relying Party can
> use to do this in the future. This may or may not have any relationship to an
> authentication that was performed previously. Unlike the Authentication Method,
> the <SubjectConfirmationMethod> will usually be accompanied with some piece of
> information, such as a certificate or key, which will allow the Relying Party
> to perform the necessary check.
>
> There are many <SubjectConfirmationMethod>, because there are many different
> SAML usage scenarios. A few examples are:
>
> 1. A user logs in with a password, but a temporary passcode or cookie is issued
> for confirmation purposes to avoid repeated exposure of the long term password.
>
> 2. There is no login, but an application request is digitally signed. The
> associated public key is used for confirmation.
>
>                   ---------------------------------------
>
> It needs at least a reference to [SAMLCore] in the first sentence, and perhaps
> the first example needs redo because we don't have a password confirmation
> method at this point.
>
> I'd change the first "many" in the second paragraph to "several", and "few" to
> "couple" as appropriate.
>
>
> JeffH