Subject: [security-services] Potential Errata # 10 - Discussion Thread
During the TC telecon of 2/18 it was decided to open a discussion thread on potential errata #10. The purpose is to solicit views and discussions so that we may dispose of this item by March 4, 2003. Below is a description. The original email reporting this item can be found at http://lists.oasis-open.org/archives/security-services/200301/msg00014.html

Thanks,
Jahan

PE10: Guidance on Element <RespondWith>

First reported by: Rob Philpott
Message: http://lists.oasis-open.org/archives/security-services/200301/msg00014.html
Document: Assertions and Protocols
Description: Should provide better guidance on rationalizing use of RespondWith elements in a query and the associated Query type. I know there's been some discussion on this topic on the list, but I don't think the current text here is very clear. For example, we should be explicit about what happens on an AuthenticationQuery that includes a RespondWith for a saml:AttributeStatement.

Another example is when an authority has an existing Web SSO assertion that contains both AuthenticationStatements and an AttributeStatement (e.g. what we used in the Interop). Now if a later AuthenticationQuery arrives for the SAML Subject with a RespondWith of saml:AuthenticationStatement, this Web SSO assertion should NOT be returned according to lines 963-964. So we should be explicit that if an assertion contains multiple statement types, there must be a RespondWith in the query for every statement type in the assertion (assuming at least one RespondWith is specified).

----------------
Jahan Moreh
Chief Security Architect
310.286.3070
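
The rule proposed in the description above, applied to the Web SSO case it mentions, as an added example that is not part of the original message or of the SAML specification. The helper names, the constructed assertions and the prefix map are assumptions; a query with no RespondWith is treated as unrestricted because the proposed rule only applies when at least one is specified.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
NSMAP = {"saml": SAML_NS}  # assumed prefix bindings in scope on the query

# Constructed samples, trimmed to the statement elements only (not schema-valid).
SSO_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML_NS}">
  <saml:AuthenticationStatement/>
  <saml:AttributeStatement/>
</saml:Assertion>"""
AUTHN_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML_NS}">
  <saml:AuthenticationStatement/>
</saml:Assertion>"""


def statement_types(assertion_xml):
    """Return {(namespace, local name)} for each statement in the assertion."""
    found = set()
    for child in ET.fromstring(assertion_xml):
        if not child.tag.startswith("{"):
            continue  # element without a namespace: not a SAML statement
        ns, _, local = child.tag[1:].partition("}")
        if ns == SAML_NS and local.endswith("Statement"):
            found.add((ns, local))
    return found


def resolve_qname(qname, nsmap):
    """Expand a RespondWith value such as 'saml:AttributeStatement'."""
    prefix, _, local = qname.rpartition(":")
    return (nsmap[prefix], local)  # compare by namespace URI, not prefix text


def may_return(assertion_xml, respond_with, nsmap=NSMAP):
    """Proposed PE10 rule: every statement type needs a matching RespondWith."""
    if not respond_with:
        return True  # rule only applies when at least one RespondWith is given
    wanted = {resolve_qname(q, nsmap) for q in respond_with}
    return statement_types(assertion_xml) <= wanted


if __name__ == "__main__":
    for rw in (["saml:AuthenticationStatement"],
               ["saml:AuthenticationStatement", "saml:AttributeStatement"]):
        print(rw, "->", may_return(SSO_ASSERTION, rw))
```
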