OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Errata in ManageNameIDRequest text

I'm sure Scott is quite tired of hearing from me at this point but let me chime in again.  The text in the specs seems to be a bit contradictory.  For example:


"After establishing a name identifier for a principal, an identity provider wishing to change the value and/or format of the identifier that it will use when referring to the principal" - Core line 2412


But shortly after that it says:


"<NewID> or <NewEncryptedID> or <Terminate> [Required]

The new identifier value (in plaintext or encrypted form) to be used when communicating with the requesting provider concerning this principal" - Core line 2433


Not that Profiles also talks about the IDP changing the format on line 1321.


I’d propose that, in addition to the changes Scott has suggested, that the ‘and/or format’ be removed from line 1321 of Profiles and from 2412-3 or Core.


> -----Original Message-----

> From: Scott Cantor [mailto:cantor.2@osu.edu]

> Sent: Wednesday, April 13, 2005 3:02 PM

> To: security-services@lists.oasis-open.org

> Subject: [security-services] Errata in ManageNameIDRequest text


> I first thought this was a schema bug, because I could swear that things

> were set up to enable an IdP to register a new ID with a different Format

> or

> NameQualifier with the SP, but reading closer, the text is fairly explicit

> about NewID being the NameID "content" and it rules out changing anything

> else. Annoying to me, but ok.


> But I think we need text explaining that if the NewID is encrypted (the

> NewEncryptedID choice), that the element being encrypted is just the NewID

> element and not a full NameID as in the more typical EncryptedID element.


> Otherwise it gets a little ugly and it doesn't match what's in the text to

> explain what to do with it.


> -- Scott



> ---------------------------------------------------------------------

> To unsubscribe from this mail list, you must leave the OASIS TC that

> generates this mail.  You may a link to this group and all your TCs in


> at:

> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]