[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Groups -sstc-saml-profiles-2.0-draft-08-diff.pdf uploaded
> 254 - SOAP Binding is omitted. The Artifact Binding does not assume that the SOAP binding is used to dereference the artifact, therefore neither does this profile. That's a conformance question. > 264 - also updates (or at least subsumes) artifact confirmation method True. > 324 - In both of sections 4.1.3.3 or 4.1.3.5, the possibility of the > <AuthnRequest> and <Response> being passed through the artifact binding is > presented but no mention is made of the subsequent dereferencing step. I don't mind mentioning it in passing, but I was trying to keep this sequence of steps constrained to the SSO message exchange. > 333 - does the recommendation 'that the HTTP exchanges in this step be > made over SSL or TLS' include both front and back-channel HTTP > interactions? Same for line 358. Only the front-channel, needs clarification. The use of the artifact binding brings along its own practices, of course. > 346 - 'in the form of <RequestedAuthnContext> or <Scoping>' Good catch, thanks. > 456 - the URI for ecp doesn't include 'SSO', as does the browser profile, > e.g. '...profiles:ecp' versus '...profiles:SSO:browser' I think I probably made up the SSO URI, so I'm to blame for the inconsistency. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]