OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Comments on sstc-saml-profiles-2.0-draft-02

Comments below:



- In section 3.1/3.2/3.3 we should start to use IDp and SP terms

- line 193.  In the generic description of Web Browser SSO profiles the
"assertion consumer service" is used.  However this component is only used
in Browser/POST profile.

- line 263 re <inter site transfer host name> (plus else where in spec).  I
know we went though this the last time in SAML 1.1.  But we still have it
wrong - and for http-literate reader its confusing.  line 249 is correct re
URL structure. Line 260 is correct.  However having line 263 confuses
things - as it does not relate to the example. Note:  <path> can either be
the abs_path on the web server - or it be the absoluteURI.  In HTTP 1.1 it
would be more normal for the HTTP req to be of the form:

	GET /artifactReceiver?TARGET={target} HTTP/1.1
	Host: www.remoteServer.com:8001

although u could have (and it would be rare and only in HTTP 1.0 clients)
the following

	GET http://www.remoteServer.com:8001/artifactReceiver?TARGET={target}

in line 256 u already define the host location.  I would therefore recommend
just deleting lines 263->265 (and else where were this style is used)

line 268:  Target=<Target>   => TARGET=<Target>

line 682:  The diagram has 6 steps - yet following sections only describe
step 1 and 2

line 687: should we not use a SAML URI - rather than liberty

line 692:  not clear what the service value (urn:saml2:idp:authentication) -
seems like a new type of saml URI has been defined

line 692 on the PAOS: header line.  The quotation marks are wrong

line 700:  what does "targeted at "next" mean?  Is this the "role"

line 705:  what SOAP Message security header block? Is this WSS?

line 708:  Attribute responseConsumerURL - yet the description is for the
assertionConsumerURL (and the example in 711 has responseConsumerURL)

line 711, 715, 726:  I guess the "plugh" namespace will be replaced with the
correct one

line 726 (and 730):  The examples have a <AuthResponse> element.  Core does
not define such an element - and it defines it to be in the liberty

line 782:  TLS_RSA_WITH_AES  (missing WITH)

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]