[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] comments on sstc-saml-profiles-2.0-draft-12
> - Naive question and observation - but why haven't we brought the actual > PAOS spec under SAML. Just seems odd that part of SAML 2.0 specs refer > out to liberty (whereas everything else has been folded into SAML 2.0) Because it wasn't donated, and because it's just a SOAP specification. It has nothing specific to Liberty in it, any more than any other SOAP-related work does. One could just as easily ask (and I have) why we're using SOAP at all, since 1.1 has no standing anywhere. > - 4.2.3 line 582. URNs should be double quoted - rather than single I don't know for certain, I just left the example as it was. > - 4.2.4 line 600. "SOAP request" -> "<AuthnRequest>" ?? It's both, but I clarified. > - 4.2.4.4 should the optional <S:Header> .. </S:Header> be > shown. The example in the SOAP binding does not include this. Probably not, since both the SP-provided headers are removed. > - 4.2.4.1 line 623 "bythe" -> "by the" > > - 4.2.6. line 767. Not clear why need reference to 4.1.4.5. > Processing rules for POST Because otherwise I'd have to repeat them. All the rules in that section apply. They're security processing rules, not anything to do with the POST binding. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]