
security-services message


Subject: [security-services] Potential Errata # 10 - Discussion Thread

During the TC telecon of 2/18 it was decided to open a discussion thread on
potential errata #10. The purpose is to solicit views and discussions so
that we may dispose of this item by March 4, 2003. Below is a description.
The original email reporting this item can be found at


PE10: Guidance on Element <RespondWith>
First reported by: Rob Philpott
Document: Assertions and Protocols
Description: Should provide better guidance on rationalizing use of
RespondWith elements in a query and the associated Query type.  I know
there's been some discussion on this topic on the list, but I don't think
the current text here is very clear. For example, we should be explicit
about what happens on an AuthenticationQuery that includes a RespondWith for
a saml:AttributeStatement.  Another example is when an authority has an
existing Web SSO assertion that contains both AuthenticationStatements and
an AttributeStatement (e.g. what we used in the Interop).  Now if a later
AuthenticationQuery arrives for the SAML Subject with a RespondWith of
saml:AuthenticationStatement, this Web SSO assertion should NOT be returned
according to lines 963-964. So we should be explicit that if an assertion
contains multiple statement types, there must be a RespondWith in the query
for every statement type in the assertion (assuming at least one RespondWith
is specified).
Jahan Moreh
Chief Security Architect
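
The matching rule proposed in the description above, as an added example that is not part of the original message or of the SAML specification text: an assertion is returned only if every statement type it contains is named in a RespondWith, and no RespondWith means no restriction. The function names and the abbreviated sample XML are constructed for illustration; the namespaces are the SAML 1.x assertion and protocol namespaces.

```python
import io
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:1.0:protocol"

def respond_with(request_xml: bytes) -> set:
    """Statement types named in <samlp:RespondWith>, as '{namespace}local' names."""
    nsmap, wanted = {}, set()
    events = ET.iterparse(io.BytesIO(request_xml), events=("start-ns", "end"))
    for event, item in events:
        if event == "start-ns":          # item is (prefix, uri)
            nsmap[item[0]] = item[1]     # flat map: assumes prefixes are not rebound
        elif item.tag == f"{{{SAMLP}}}RespondWith":
            prefix, _, local = (item.text or "").strip().rpartition(":")
            # An undeclared prefix resolves to '{}local' and can never match.
            wanted.add(f"{{{nsmap.get(prefix, '')}}}{local}")
    return wanted

def statement_types(assertion_xml: bytes) -> set:
    """Tags of the statement children of a <saml:Assertion>."""
    root = ET.fromstring(assertion_xml)
    return {child.tag for child in root if child.tag.endswith("Statement")}

def may_return(request_xml: bytes, assertion_xml: bytes) -> bool:
    wanted = respond_with(request_xml)
    if not wanted:                       # no RespondWith: no restriction
        return True
    return statement_types(assertion_xml) <= wanted

def make_request(types) -> bytes:
    """Constructed, abbreviated samlp:Request (not schema-complete)."""
    rw = "".join(f"<samlp:RespondWith>{t}</samlp:RespondWith>" for t in types)
    return (f'<samlp:Request xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}">{rw}'
            "<samlp:AuthenticationQuery/></samlp:Request>").encode()

# Constructed Web SSO style assertion carrying two statement types.
SSO_ASSERTION = (f'<saml:Assertion xmlns:saml="{SAML}">'
                 "<saml:AuthenticationStatement/><saml:AttributeStatement/>"
                 "</saml:Assertion>").encode()

if __name__ == "__main__":
    for types in (["saml:AuthenticationStatement"],
                  ["saml:AuthenticationStatement", "saml:AttributeStatement"], []):
        print(types, "->", may_return(make_request(types), SSO_ASSERTION))
```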
