OASIS Mailing List Archives

security-services message


Subject: ooops, or error on lines 523-524 of binding



Lines 523-524 of bindings-07 state:

> In steps 4 and 5, the destination site, in effect, dereferences the one or
> more SAML artifacts in its possession in order to acquire a SAML SSO
> assertion that corresponds to each artifact.


Unfortunately, this is a botched correction of an earlier incorrect
statement in cs-sstc-bindings-01:

500 - 501 

"dereferences the one or more SAML artifacts in its possession in order to
acquire a SAML authentication assertion that corresponds to each artifact"

Other contexts in bindings-07 make it clear that assertions other than SSO
assertions may be passed via artifacts:

550 At least one of the SAML assertions returned to the destination site
MUST be an SSO assertion.

OR

611 	SAML assertions communicated in step 5 MUST include an SSO
assertion.

OR

718-721

Exactly one SAML response MUST be included within the FORM body with the
control name SAMLResponse; multiple SAML assertions MAY be included in the
response. At least one of the assertions MUST be an SSO assertion. A single
target description MUST be included with the control name TARGET.

-------------------------------------------------------------------

SUMMARY: I am making the editorial recommendation that we remove the word
SSO from lines 523-524. It would then read:

> In steps 4 and 5, the destination site, in effect, dereferences the one or
> more SAML artifacts in its possession in order to acquire a SAML assertion
> that corresponds to each artifact.

