OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: commets on sstc-saml-core-2.0-draft-06.pdf


Comments below:

John

*******************************


- lots new terms are defined and used:  "session authority, session
participant, identity provider etc etc)  For the reader it would use useful
to define these terms more clearly - and perhaps up front (or at least refer
out to the glossary)

- line 203.  bindings and profiles documentation now split

- line 740 SessionIndex.  Would like to see this better defined.  Why called
SessionIndex - would not SessionID be a clearer term?

- line 1095 Consent.  To assist in interoperability should this not be
defined as boolean?

- 3.2.2.2 Unknownprincipal, InvalidNameIDFormat InvalidConfirmingSubject and
unsupported binding status codes missing that are defined later in doc.

- 3.2.2.2 How about some other status codes - including unsupported
operation (e.g particular request protocol not supported)

- line 1368 and 1405 "Rules in Section Response".  what does this mean?  is
a word missing?

- 3.3.4.1 - perhaps re-title as "processing rules" to be consistent with new
sections of other protocols

- line 1395 unnecessary 4.2 section marker?

- 3.3.3.4 AuthzDecisonQUery - also include warning re support for authz dec
statments - and queries??

- line 1504 - Reqest -> Request

- 3.4 Whilst using the term Replying Party - not using Asserting Party else
where in doc.  Hence mixing the IdP/SdP Asserting/Relying definition sets.
Do we mean to do this?

- line 1510 responder -> identity provider?

- line 1525.  to be clear:  "issuer" -> "request issuer"

- lines 1536/1537 - not described how this is determined - e.g Subject in
the RequestType?

- lines 1533-1580 - is it allowable to have all of these optional
elements/attributes absent?

- 3.4.1.  definitions of IDPList IDPEntry RequestChain missing from list of
elements/attributes

- 3.7 Font of this section wrong

- 3.7.1 session authority not defined in previous section

- line 1966 "service providers" -> replying parties?

- line 2011 Session Participant Rules on new line as title?

- 3.7.3.1 no text describes processing if  a session participant does not
get back the LogoutResponse

- 5.4.7  what about 1.1 interoperability

- 5.4.8  Given that implementation difficulty of combining signed assertions
inside signed response do we want to a) say anything - and perhaps say not
required b) have a simpler example

- 7.1 include a DCE AuthenticationMethod identifier

- 7.3 include Kerberos NameIdentiofier

- 7.3 include DCE NAmeIdentifier











[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]