OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [security-services] Proposed clean up on subject text


Looks good, but... 

Should we be more normative with the "can treat"'s in both paragraphs?
Should they be changed to "MAY treat" (i.e. it is truly optional)?
"SHOULD treat" (i.e. it is recommended but there may be valid reasons
not to do so)?

I think we should be normative about it.

Rob Philpott
Senior Consulting Engineer 
RSA Security Inc. 
Tel: 781-515-7115 
Mobile: 617-510-0893 
Fax: 781-515-7020 
mailto:rphilpott@rsasecurity.com

> -----Original Message-----
> From: Scott Cantor [mailto:cantor.2@osu.edu]
> Sent: Thursday, November 11, 2004 9:35 PM
> To: SAML
> Subject: [security-services] Proposed clean up on subject text
> 
> To wrap up that thread on describing the two options for Subject
content
> (the one Rob, Ron, Conor, me, etc. presented text for), here's a small
> modification to Rob's text that adds Ron's clarification:
> 
> "A <Subject> element can contain both an identifier and zero or more
> subject
> confirmations which a relying party can verify when processing an
> assertion.
> Once any subject confirmations are verified, the relying party can
treat
> the
> entity presenting the assertion as the entity that the SAML authority
> associates with the name identifier and the claims in the assertion.
> 
> Alternatively, a <Subject> element can contain one or more subject
> confirmations without an identifier being present. In this case, once
any
> of
> the subject confirmations are verified, the relying party can treat
the
> entity presenting the assertion as the entity that the SAML authority
> associates with the claims in the assertion."
> 
> The intent, of course, is that "can treat the entity presenting the
> assertion as...." is code for "it means whatever you want it to mean".
> 
> -- Scott
> 
> 
> To unsubscribe from this mailing list (and be removed from the roster
of
> the OASIS TC), go to http://www.oasis-
>
open.org/apps/org/workgroup/security-services/members/leave_workgroup.ph
p.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]