[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Proposed clean up on subject text
Fair enough. -- Steve Anderson OpenNetwork > -----Original Message----- > From: Scott Cantor [mailto:cantor.2@osu.edu] > Sent: Friday, November 12, 2004 1:54 PM > To: Steve Anderson > Cc: 'SAML' > Subject: RE: [security-services] Proposed clean up on subject text > > > So, you don't see any danger in a malicious party presenting such an > > assertion to another relying party that interpreted the spec's > > unspecificity is this area (which I don't see actually stated anywhere) > > differently -- as "bearer", for instance? This is my motivation for the > > MUST clarification. > > No, the spec definitely doesn't say that, and we all think it should say > something so that there's no confusion anymore. > > But, I think "unspecified" means exactly that. You can't interpret it any > specific way and claim that's what the spec implied. It becomes > application > specific. > > My earlier point was that this is basically what sender-vouches means, but > then I always viewed them as essentially the same... > > -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]