Subject: RE: [security-services] An ambiguity in 1.1 that we should clarify in SAML 2.0 re: artifact processing
> We should probably have the TC decide on the correct
> response, document it in a V1.1 corrigendum, and address it
> in V2.0 as well.

I believe I already did. Quoting the processing rules in section 3.5.3 of core:

"If the responder recognizes the artifact as valid, then it responds with the associated protocol message in an <ArtifactResponse> message element. Otherwise, it responds with an <ArtifactResponse> element with no embedded message. In both cases, the <Status> element MUST include a <StatusCode> element with the code value urn:oasis:names:tc:SAML:2.0:status:Success. A response message with no embedded message inside it is termed an empty response in the remainder of this section. The responder MUST enforce a one-time-use property on the artifact by insuring that any subsequent request with the same artifact by any requester results in an empty response as described above."

I don't see any ambiguity in that text, since your example follows that pretty directly.

-- Scott
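The processing rule quoted above, sketched as an added example that is not part of the original message or of the SAML specification. The `ArtifactResponder` class, its in-memory store and the helper names are assumptions made for illustration; requester authentication, artifact expiry and the other required `<ArtifactResponse>` attributes are left out.

```python
import threading
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"  # value quoted in the message


class ArtifactResponder:
    """Hypothetical in-memory responder (illustrative names, not a real API)."""

    def __init__(self):
        self._pending = {}             # artifact -> protocol message element
        self._lock = threading.Lock()

    def issue(self, artifact, message):
        """Associate a protocol message with a freshly issued artifact."""
        with self._lock:
            self._pending[artifact] = message

    def resolve(self, artifact):
        """Build the <ArtifactResponse> for an artifact resolution request."""
        # Atomic remove-and-return: the first request consumes the artifact,
        # so a concurrent or later request by any requester finds nothing.
        with self._lock:
            message = self._pending.pop(artifact, None)
        response = ET.Element(f"{{{SAMLP}}}ArtifactResponse")
        status = ET.SubElement(response, f"{{{SAMLP}}}Status")
        # Success in both cases: an unknown or reused artifact is signalled
        # by the missing embedded message, not by an error status.
        ET.SubElement(status, f"{{{SAMLP}}}StatusCode", {"Value": SUCCESS})
        if message is not None:
            response.append(message)
        return response


def status_code(response):
    """Return the Value of the response's top-level <StatusCode>."""
    return response.find(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode").get("Value")


def embedded_messages(response):
    """Children other than <Status>; an empty list means an empty response."""
    return [child for child in response if child.tag != f"{{{SAMLP}}}Status"]
```

A requester following the same rule has to treat a Success status with no embedded message as a failed resolution rather than relying on the status code alone.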