security-services message

Subject: RE: [security-services] Comments on core-2.0-cd-01

> Section (Lines 2340-2344) - The conditions against 
> which assertions are measured to determine if a 
> <LogoutRequest> should be applied to omits the fundamental 
> requirement of a match against any of BaseID or NamedID or 
> EncryptedID. 

I think there's some language in the single logout profile about this,
because there was a sense on my part that it wasn't obvious at the core
protocol level exactly what relationship existed between assertions and the
logout process.

Whereas in the profile, it's discussed more in the context of SSO. See line
1256 of profiles.

I'm willing to say more, but it's not quite so clear where to do it.

> Section 8.3 - 
> urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted missing 
> from list of valid Format values

We *may* not want to place it there, because it's actually not a NameID
Format, but rather only gets used in a NameIDPolicy element's Format

It was an oversight not saying something more about it, but I don't think we
should add to that section.

-- Scott
