RE: [security-services] A browser/POST question...

["Jahan Moreh" <jmoreh@sigaba.com>]

Eve-
PE20 is the number. I was going to even include the exact text in the
disposition. I will publish the errata doc later today.

Thanks,
Jahan

----------------
Jahan Moreh
Chief Security Architect
310.286.3070

> -----Original Message-----
> From: Eve L. Maler [mailto:eve.maler@sun.com]
> Sent: Friday, May 02, 2003 7:51 AM
> To: ''security-services@lists.oasis-open.org ' '
> Subject: Re: [security-services] A browser/POST question...
>
>
> Jahan, can I assume that this will get a PE20 designation in the errata
> document now that it seems this has settled down?  (I will take that
> chance and mention this number in the revision history.)  The
> disposition would be something like "revised text worked out on the
> list, expecting TC approval at next opportunity".  Thanks!
>
> 	Eve
>
> Philpott, Robert wrote:
> > And if I might tweak the tweak...
> >
> > Change "subject-containing" to "subject-based"?
> >
> > Rob Philpott
> > RSA Security Inc.
> > The Most Trusted Name in e-Security
> > Tel: 781-515-7115
> > Mobile: 617-510-0893
> > Fax: 781-515-7020
> > mailto:rphilpott@rsasecurity.com
> >
> >
> >
> >>-----Original Message-----
> >>From: Eve L. Maler [mailto:eve.maler@sun.com]
> >>Sent: Thursday, May 01, 2003 6:50 PM
> >>To: ''security-services@lists.oasis-open.org ' '
> >>Subject: Re: [security-services] A browser/POST question...
> >>
> >>I would editorially tweak as follows (since it would be pretty unusual
> >>for there to be real saml:SubjectStatement elements present):
> >>
> >>Every subject-containing statement present in the assertion(s) returned
> >>to the destination site MUST also contain a <SubjectConfirmation>
> >>element. The <ConfirmationMethod> element in the <SubjectConfirmation>
> >>MUST be set to urn:oasis:names:tc:SAML:1.0:cm:bearer.
> >>
> >>	Eve
> >>
> >>Mishra, Prateek wrote:
> >>
> >>>Scott, Rob:
> >>>
> >>>(1) Thanks for your paitence !
> >>>(2) I finally understood the problem (that took a while!)
> >>>(3) I have no problem with the following proposed text:
> >>>
> >>>
> >>>
> >>>Does this work?  This one is for bearer, but we can update the
> >>>artifact-01
> >>>case similarly.  It precludes the case I described in my last message,
> >>>but I
> >>>really am okay with the semantics described here...
> >>>-------------------
> >>>Every <saml:SubjectStatement> present in the assertion(s) returned to
> >>>the
> >>>destination site MUST contain a <saml:SubjectConfirmation> element. The
> >>><saml:ConfirmationMethod> element in the
> <saml:SubjectConfirmation> MUST
> >>>be
> >>>set to urn:oasis:names:tc:SAML:1.0:cm:bearer.
> >>>-------------------
> >>>
> >>>4) I agree this is kind of goofy overall and probably needs to be
> >>
> >>revised in
> >>
> >>>SAML 2.0. For good or bad it was sort of the proposal in 1.0.
> >>>
> >>>
> >>>- prateek
> >>>
> >>
> >>--
> >>Eve Maler                                        +1 781 442 3190
> >>Sun Microsystems                            cell +1 781 354 9441
> >>Web Technologies and Standards               eve.maler @ sun.com
> >
> >
>
> --
> Eve Maler                                        +1 781 442 3190
> Sun Microsystems                            cell +1 781 354 9441
> Web Technologies and Standards               eve.maler @ sun.com
>