OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Groups -sstc-saml-profiles-2.0-draft-08-diff.pdf uploaded

> 254 - SOAP Binding is omitted.

The Artifact Binding does not assume that the SOAP binding is used to
dereference the artifact, therefore neither does this profile. That's a
conformance question.

> 264 - also updates (or at least subsumes) artifact confirmation method


> 324 - In both of sections or, the possibility of the
> <AuthnRequest> and <Response> being passed through the artifact binding is
> presented but no mention is made of the subsequent dereferencing step.

I don't mind mentioning it in passing, but I was trying to keep this
sequence of steps constrained to the SSO message exchange.

> 333 - does the recommendation 'that the HTTP exchanges in this step be
> made over SSL or TLS' include both front and back-channel HTTP 
> interactions? Same for line 358.

Only the front-channel, needs clarification. The use of the artifact binding
brings along its own practices, of course.

> 346 - 'in the form of <RequestedAuthnContext> or <Scoping>'

Good catch, thanks.

> 456 - the URI for ecp doesn't include 'SSO', as does the browser profile,
> e.g. '...profiles:ecp' versus '...profiles:SSO:browser'

I think I probably made up the SSO URI, so I'm to blame for the

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]