OASIS Mailing List Archives

security-services message



Subject: RE: [security-services] Proposed erratum resolutions


Got it, actually your section number was correct and should have tipped me to the problem.
 
I agree that AllowCreate is problematic, it's a kind of "federation policy" (when to create identifiers? Lifetime of ids? Will they be rolled over every week?) that is otherwise absent from the specification.
 
- prateek

Scott Cantor <cantor.2@osu.edu> wrote:
> One concern I have with both the proposed resolution is
> the claim that working with persistent identifiers (8.3.8)
>
> "implicitly results in a new identifier being created during
> the handling of most requests"

Oops. I screwed up this text. I meant transient, not persistent. Sorry for
any confusion.

> The creation of an identifier as a consequence of SAML
> 2.0 requests is actually a special and somewhat complicated
> case quite separable from the use of "persistent" as an ID
> format; I would be concerned about adding text to core that
> suggests otherwise.

Well, as a separate consideration, it's worth noting that if you don't think
AllowCreate even matters for persistent (it certainly means nothing if you
don't create on the fly), it's hard to see where it ever would.

-- Scott

