OASIS Mailing List Archives

security-services message

Subject: RE: [security-services] Groups - sstc-saml-x509-authn-based-attribute-protocol-profile-2.0-draft-06-diff.pdf uploaded


Sorry these comments are a bit late...

General comment: I'd suggest qualifying the elements in the profile using
saml: and samlp: just for clarity.

Lines 44-45: Same as the XPath profile comments, I think based on proposed
practice, the URIs should be:

urn:oasis:names:tc:SAML:profiles:query:attributes:X509-basic
urn:oasis:names:tc:SAML:profiles:query:attributes:X509-encrypted

Line 83, I would append "through unspecified means".

Line 108, I would change to:

The <AttributeQuery>, <Response>, and <Assertion> MAY be signed using this
mode.

Lines 109-111, suggested text:

"The service provider and identity provider MAY use metadata in support of
this profile for locating endpoints, communicating key information, etc. If
SAML 2.0 metadata is used, the <md:AttributeAuthorityDescriptor> element in
[SAMLMeta] and the mdext:AttributeRequesterDescriptorType complex type in
[SAMLMeta-Ext] SHOULD be used with this profile."

Line 122: should this say "any enclosed <Assertion> elements" instead?

Line 135: the SP has no way to communicate additional conditions in its
query, so I would strike that part and just say "MAY be included at the
discretion of the identity provider".

Lines 151-153: same metadata text as lines 109-111.

Line 200: should this say "any enclosed <Assertion> elements" instead?

Line 218, same comment as line 135.

-- Scott


