OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [security-services] Proposed clean up on subject text


Fair enough.
--
Steve Anderson
OpenNetwork
 

> -----Original Message-----
> From: Scott Cantor [mailto:cantor.2@osu.edu]
> Sent: Friday, November 12, 2004 1:54 PM
> To: Steve Anderson
> Cc: 'SAML'
> Subject: RE: [security-services] Proposed clean up on subject text
> 
> > So, you don't see any danger in a malicious party presenting such an
> > assertion to another relying party that interpreted the spec's
> > unspecificity is this area (which I don't see actually stated
anywhere)
> > differently -- as "bearer", for instance?  This is my motivation for
the
> > MUST clarification.
> 
> No, the spec definitely doesn't say that, and we all think it should
say
> something so that there's no confusion anymore.
> 
> But, I think "unspecified" means exactly that. You can't interpret it
any
> specific way and claim that's what the spec implied. It becomes
> application
> specific.
> 
> My earlier point was that this is basically what sender-vouches means,
but
> then I always viewed them as essentially the same...
> 
> -- Scott



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]