OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Stateless Conformity To SAML

> Yes, my mistake - mgmt not mapping.  I was looking for the return status
> to the mgmt request to indicate "unwilling" and wound up in the mapping
> section inadvertently.  So, is the status for "unwilling to write ID
> change" still InvalidNameIDPolicy, or is it something more meaningful I
> did not find?

Well, metadata for an SP that didn't support the profile should obviously
not claim to support the profile. Thus, you'd never get such a request. Note
that this is basically true even if you're not using the SAML metadata spec.
Metadata is just a formal way of doing what people have to do out of band
otherwise, so same thing applies.

This ties into my earlier note, we would need to make sure that the schema
is accurate wrt conformance.

Apart from that, you could always return RequestDenied.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]