OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: A browser/POST question...

In the browser/artifact profile, we now say that ConfirmationData SHOULD NOT be supplied.  But in Browser/POST, we say nothing about ConfirmationData.  I looked back through the mail archive, but couldn't find a conclusive statement.  For consistency and completeness of the B&P spec, I think we should provide a normative statement about it.  I've assumed MUST NOT applies, but then I haven't thought about it a lot.  So is ConfirmationData a "MUST NOT", "SHOULD NOT", "MAY", or something else?



Rob Philpott
RSA Security Inc.
The Most Trusted Name in e-Security
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]