Subject: RE: [security-services] Comments on core-2.0-cd-01
> Section 3.7.3.1 (Lines 2340-2344) - The conditions against
> which assertions are measured to determine if a
> <LogoutRequest> should be applied to omits the fundamental
> requirement of a match against any of BaseID or NamedID or
> EncryptedID.

I think there's some language in the single logout profile about this, because there was a sense on my part that it wasn't obvious at the core protocol level exactly what relationship existed between assertions and the logout process. Whereas in the profile, it's discussed more in the context of SSO. See line 1256 of profiles. I'm willing to say more, but it's not quite so clear where to do it.

> Section 8.3 -
> urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted missing
> from list of valid Format values

We *may* not want to place it there, because it's actually not a NameID Format, but rather only gets used in a NameIDPolicy element's Format attribute. It was an oversight not saying something more about it, but I don't think we should add to that section.

-- Scott