OASIS Mailing List Archives

security-services message



Subject: RE: [security-services] Another attempt at AllowCreate cleanup




It seems you are trying to talk in an overtly positive way on something
you want to prevent. So, why don't you try stating what you are trying to
prevent? Furthermore, both suggestions do not say specifically what the
values of _true_ or _false_ mean. How about:

"A Boolean value of _false_ prevents the identity provider from creating a
new identifier (or associating an existing identifier) representing the
principal (Q:which principal???) with the relying party."

And just not say anything for _true_ leaving it open to implementations?

Disclaimer: I'm coming at this on a casual read during my lunch, without
much knowledge of what you are talking about. :)

Cheers,
-Polar


On Tue, 24 May 2005, Brian Campbell wrote:

> A few little comments/suggestions are inline below.  Overall, however, I
> think this text from Scott significantly clarifies things.
>
> > -----Original Message-----
> > Replace definition of AllowCreate, lines 2123-2129:
> >
> > "A Boolean value used to indicate whether the requester grants to the
> > identity provider, in the course of fulfilling the request, permission to
> > create a new identifier or to associate an existing identifier representing
> > the principal with the relying party. Defaults to "false" if not present or
> > the entire element is omitted."
>
> I don't really like the use of the word 'permission' here.  I took a
> shot at rewording it but I'm not sure it's any better.  Here's what I
> came up with (an alternative replacement for lines 2123-2129 of core):
>
> "A Boolean value used by the requester to indicate its desire that, in
> the course of fulfilling the request, the identity provider be at
> liberty to create a new identifier or to associate an existing
> identifier representing the principal with the service provider.
> Defaults to 'false' if not present or the entire element is omitted."
>
>
> > Replace lines 2475-2479 with:
> >
> > ---
> >
> > "If the <Terminate> element is included in the request, the requesting
> > ...
>
> Do you mean replace the whole paragraph on lines 2475-2480?
>
> > Brian and I both seemed to agree that one mistake we made was not carving
> > out SP-initiated NIM in conformance. Because that's the most explicit
> > indication of persistent state maintenance in the spec, so the real
> > difference between lightweight and basic was probably there.
>
> Agreed.
>
>
>
> --Brian