
security-services message


Subject: saml-tech-overview-1.1-draft-01 feedback

I have some suggestions for the SAML Technical Overview draft 01.

This is an excellent and well-written document.

Line 149 - This may read as if it says that the SAML response contains header information in the SOAP body, rather than SOAP header - might be confusing. Would it be correct to state

"The SAML response contains SAML status information in addition to one or more assertions."

Line 231 - I think relying party and asserting party are switched in this sentence? Should it be:
"Just providing assertions from an asserting party to a relying party may not be adequate for a secure system."

Line 283
It might be useful (or maybe not) to add a sentence after line 282 to define what an Intersite Transfer Service is:

"In this example, the local web site includes a component called an Inter-site Transfer Service. This is an addressable component that provides a point of functionality for SAML processing such as artifact and redirect generation."

Line 283
Might be helpful to label remote site "xyz" and local site "abc" in picture. Should probably rename "Artifact Consumer" to "Artifact Receiver" to match text.

Line 299
If #7 is removed for the URL then the later numbers will match the picture.

Line 320
"An access check is then performed to establish..."

Line 381
"The user browser will cause an HTTP POST containing the SAML response .."

regards, Frederick

Frederick Hirsch
