OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] comments on sstc-saml-profiles-2.0-draft-12

> - Naive question and observation - but why haven't we brought the actual
> PAOS spec under SAML.  Just seems odd that part of SAML 2.0 specs refer
> out to liberty (whereas everything else has been folded into SAML 2.0)

Because it wasn't donated, and because it's just a SOAP specification. It
has nothing specific to Liberty in it, any more than any other SOAP-related
work does.

One could just as easily ask (and I have) why we're using SOAP at all, since
1.1 has no standing anywhere.

> - 4.2.3 line 582.  URNs should be double quoted - rather than single

I don't know for certain, I just left the example as it was.

> - 4.2.4 line 600.  "SOAP request" -> "<AuthnRequest>" ??

It's both, but I clarified.

> -  should the optional <S:Header> .. </S:Header> be 
> shown.  The example in the SOAP binding does not include this.

Probably not, since both the SP-provided headers are removed.

> - line 623 "bythe" -> "by the"
> - 4.2.6. line 767.  Not clear why need reference to  
> Processing rules for POST

Because otherwise I'd have to repeat them. All the rules in that section
apply. They're security processing rules, not anything to do with the POST

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]