Subject: RE: [security-services] Comments on core-2.0-cd-01
Scott, inline

>-----Original Message-----
>From: Scott Cantor [mailto:cantor.2@osu.edu]
>Sent: Thursday, August 26, 2004 11:33 AM
>To: 'Paul Madsen'; security-services@lists.oasis-open.org
>Subject: RE: [security-services] Comments on core-2.0-cd-01
>
>
>> Section 3.7.3.1 (Lines 2340-2344) - The conditions against
>> which assertions are measured to determine if a
>> <LogoutRequest> should be applied to omits the fundamental
>> requirement of a match against any of BaseID or NameID or
>> EncryptedID.

Excuse my line numbers (they must have been against the last call draft). The lines I'm referring to are actually 2423-2429 in CD. They appear to be specific to guiding the session participant for <Assertion>s received after the <LogoutRequest>. We don't mention that there must be a match on NameID (or equivalent), even though we do make this requirement in the paragraph above (Lines 2415-2417) for the more general case when the <LogoutRequest> arrives after the <Assertion>.

>
>I think there's some language in the single logout profile about this,
>because there was a sense on my part that it wasn't obvious at the core
>protocol level exactly what relationship existed between
>assertions and the
>logout process.
>
>Whereas in the profile, it's discussed more in the context of
>SSO. See line
>1256 of profiles.
>
>I'm willing to say more, but it's not quite so clear where to do it.
>
>> Section 8.3 -
>> urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted missing
>> from list of valid Format values
>
>We *may* not want to place it there, because it's actually not a NameID
>Format, but rather only gets used in a NameIDPolicy element's Format
>attribute.
>
>It was an oversight not saying something more about it, but I
>don't think we
>should add to that section.

Well, the intro para for 8.3 says 'The following identifiers MAY be used in the Format attribute of the <NameID>, <NameIDPolicy> ....' so the opening is there to list it in this section.

In that case, the title of the section could be massaged.

Paul

>
>-- Scott
>
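The matching rule the thread is arguing about, worked through in code as an added example (this is not text or code from the SAML 2.0 core specification nor from either poster). The session record layout, the `matches` rule (issuer, full NameID comparison, then SessionIndex), the `https://idp.example.org` / `https://sp.example.com` names and the sample LogoutRequest are all this example's own assumptions; the point it shows is why a SessionIndex match alone is not sufficient and why the same NameID test applies both to existing sessions and to assertions that arrive after the LogoutRequest:

```python
"""Applying a SAML 2.0 <LogoutRequest> at a session participant.

Added example. The session store, the record layout and the matching rule in
matches() are assumptions modelled on the thread's point, not spec text.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple
import xml.etree.ElementTree as ET  # use defusedxml.ElementTree for untrusted input

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"


@dataclass(frozen=True)
class NameId:
    """Comparable view of <NameID>: value, Format and both qualifiers."""
    value: str
    format: str = UNSPECIFIED
    name_qualifier: Optional[str] = None
    sp_name_qualifier: Optional[str] = None

    @classmethod
    def from_element(cls, el: ET.Element) -> "NameId":
        return cls(
            value=(el.text or "").strip(),
            format=el.get("Format") or UNSPECIFIED,  # absent Format means unspecified
            name_qualifier=el.get("NameQualifier"),
            sp_name_qualifier=el.get("SPNameQualifier"),
        )


@dataclass(frozen=True)
class Session:
    session_id: str
    issuer: str                    # Issuer of the assertion that created the session
    name_id: NameId                # subject of that assertion
    session_index: Optional[str]   # SessionIndex of its <AuthnStatement>, if any


@dataclass(frozen=True)
class LogoutRequest:
    issuer: str
    name_id: NameId
    session_indexes: FrozenSet[str]

    @classmethod
    def parse(cls, xml: str) -> "LogoutRequest":
        root = ET.fromstring(xml)
        if root.tag != "{%s}LogoutRequest" % NS["samlp"]:
            raise ValueError("not a samlp:LogoutRequest")
        issuer = (root.findtext("saml:Issuer", namespaces=NS) or "").strip()
        nid = root.find("saml:NameID", namespaces=NS)
        if nid is None:
            # <EncryptedID> must be decrypted to a NameID before matching.
            raise ValueError("LogoutRequest has no plaintext <NameID>")
        indexes = frozenset((e.text or "").strip()
                            for e in root.findall("samlp:SessionIndex", namespaces=NS))
        return cls(issuer, NameId.from_element(nid), indexes)


def matches(req: LogoutRequest, s: Session) -> bool:
    """Assumed rule: same issuer, equal NameID (value, Format, both
    qualifiers) and, if the request lists SessionIndexes, one of them.
    SessionIndex alone is not enough: two principals may carry the same
    SessionIndex string."""
    if s.issuer != req.issuer or s.name_id != req.name_id:
        return False
    if req.session_indexes and s.session_index not in req.session_indexes:
        return False
    return True


def apply_logout(req: LogoutRequest, sessions: List[Session]
                 ) -> Tuple[List[Session], List[Session]]:
    """Split sessions into (terminated, remaining)."""
    return ([s for s in sessions if matches(req, s)],
            [s for s in sessions if not matches(req, s)])


def reject_late_assertion(req: LogoutRequest, issuer: str, name_id: NameId,
                          session_index: Optional[str]) -> bool:
    """Same test for an assertion that arrives after the request was applied:
    the thread's point is that this case needs the NameID match too."""
    return matches(req, Session("-", issuer, name_id, session_index))


# Constructed sample data (hypothetical names, not captured traffic).
IDP = "https://idp.example.org"
ALICE = NameId("alice-pairwise", PERSISTENT, sp_name_qualifier="https://sp.example.com")
BOB = NameId("bob-pairwise", PERSISTENT, sp_name_qualifier="https://sp.example.com")
SESSIONS = [
    Session("s1", IDP, ALICE, "idx-42"),  # the session the request targets
    Session("s2", IDP, BOB, "idx-42"),    # same SessionIndex, different principal
    Session("s3", IDP, ALICE, "idx-7"),   # same principal, another session
    Session("s4", "https://other-idp.example.net", ALICE, "idx-42"),  # other issuer
]


def request_xml(indexes=("idx-42",)) -> str:
    """Constructed LogoutRequest for ALICE with the given SessionIndexes."""
    idx = "".join("<samlp:SessionIndex>%s</samlp:SessionIndex>" % i for i in indexes)
    return ('<samlp:LogoutRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_req1" '
            'Version="2.0" IssueInstant="2004-08-26T15:33:00Z">'
            "<saml:Issuer>https://idp.example.org</saml:Issuer>"
            '<saml:NameID Format="%s" SPNameQualifier="https://sp.example.com">'
            "alice-pairwise</saml:NameID>%s</samlp:LogoutRequest>"
            ) % (NS["samlp"], NS["saml"], PERSISTENT, idx)


def demo(indexes=("idx-42",)) -> List[str]:
    terminated, _ = apply_logout(LogoutRequest.parse(request_xml(indexes)), SESSIONS)
    return [s.session_id for s in terminated]


if __name__ == "__main__":
    print(demo())    # ['s1']
    print(demo(()))  # ['s1', 's3']: no SessionIndex means every session of that principal
```

Dropping the `s.name_id != req.name_id` check would terminate `s2` as well, since it shares the SessionIndex string with `s1`; that is the gap the thread says the post-LogoutRequest paragraph leaves open. An `<EncryptedID>` in the request has to be decrypted to a `<NameID>` first and then compared the same way.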