OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: [security-services] Editorial comment (or issue?) on core-31

I consider this a pretty obvious editorial error that most readers of 
the spec would ultimately catch.  I have no problem with our fixing it...


Philpott, Robert wrote:
> I just noticed this one a few minutes ago...
> Line 1262 of core-31 says the IssueInstant of a RESPONSE is the "time 
> instant of issue of the REQUEST".  I really do believe this is a cut and 
> paste error and should really be the "time issue instant of the 
> response".   It really does change the normative meaning of the 
> definition so it's not quite just an editorial change.
> What harm will occur if this is left as-is for V1.0?  As far as I can 
> recall, we specify no processing requirements in the spec for the 
> IssueInstant.  If that's the case, then there probably is no harm in 
> leaving it and fixing it in V1.1.
> But if an authority uses the response creation time, then and some 
> relying party incorrectly assumes that it is supposed to be the response 
> instant of the corresponding request, then it might decide to reject the 
> response because of a mismatch.
> Thoughts?

Eve Maler                                    +1 781 442 3190
Sun Microsystems XML Technology Center   eve.maler @ sun.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC