Subject: RE: [security-services] Errata for NameIDPolicy
-----Original Message-----
From: Thomas Wisniewski
Sent: Friday, June 03, 2005 11:53 AM
To: jmoreh@sigaba.com; Thomas Wisniewski; SAML
Subject: RE: [security-services] Errata for NameIDPolicy

Jahan, no, this is a new Errata item.

Tom.

-----Original Message-----
From: Jahan Moreh [mailto:jmoreh@sigaba.com]
Sent: Friday, June 03, 2005 11:43 AM
To: Thomas Wisniewski; SAML
Subject: RE: [security-services] Errata for NameIDPolicy

Thanks Tom. I assume this is for PE5 as published in draft 07 of the errata document. I will monitor this list for any discussion and on Tuesday we can hopefully finalize this during our con call.

Jahan
------------------------------
Jahan Moreh
Chief Security Architect
310.288.2141

-----Original Message-----
From: Thomas Wisniewski [mailto:Thomas.Wisniewski@entrust.com]
Sent: Friday, June 03, 2005 5:06 AM
To: SAML
Subject: [security-services] Errata for NameIDPolicy

Jahan, I'm proposing the following errata text in Core as two new paragraphs between line 2139 and 2140 related to NameIDPolicy. It centers on ensuring that an IDP only returns a NameID that matches a NameIDPolicy (in terms of Format and SPNameQualifier):
"When a Format defined in Section 8.3.7 is used other than urn:oasis:names:TC:SAML:2.0:nameid-format:unspecified or urn:oasis:names:TC:SAML:2.0:nameid-format:encrypted, then if the identity provider returns any assertions, the Format value of the <NameID> within any <Assertion> MUST be identical to the Format value supplied in the <NameIDPolicy>.
If the Format value is set to urn:oasis:names:TC:SAML:2.0:nameid-format:persistent and if the SPNameQualifier is not omitted, then if the identity provider returns any assertions, the SPNameQualifier value of the <NameID> within any <Assertion> MUST be identical to the SPNameQualifier value supplied in the <NameIDPolicy>."
Tom.
Thomas Wisniewski
Software Architect
Phone: (201) 891-0524
Cell: (201) 248-3668
Entrust®
Securing Digital Identities
& Information
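
A relying-party check of the two proposed paragraphs, added here as an example; it is not part of the original message or of the SAML specification. The function name, entity IDs and XML samples are constructed, the sample Format URNs use the lowercase "tc" spelling, and recognising the two exempt formats by their last URN segment is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
FMT = "urn:oasis:names:tc:SAML:2.0:nameid-format:"
EXEMPT = {"unspecified", "encrypted"}  # formats the first paragraph excludes

def check_name_ids(request_xml, response_xml):
    """Return violations of the two proposed paragraphs; an empty list means compliant."""
    policy = ET.fromstring(request_xml).find("samlp:NameIDPolicy", NS)
    want_fmt = policy.get("Format") if policy is not None else None
    # Assumption: exemptions are recognised by the last URN segment.
    if want_fmt is None or want_fmt.rsplit(":", 1)[-1] in EXEMPT:
        return []
    want_spnq = policy.get("SPNameQualifier")
    problems = []
    for assertion in ET.fromstring(response_xml).iter("{%s}Assertion" % NS["saml"]):
        name_id = assertion.find("saml:Subject/saml:NameID", NS)
        if name_id is None:
            continue  # e.g. <EncryptedID>; outside what this check covers
        aid = assertion.get("ID")
        # Paragraph 1: Format must be identical to the requested Format.
        if name_id.get("Format") != want_fmt:
            problems.append((aid, "Format", name_id.get("Format")))
        # Paragraph 2: for persistent, a supplied SPNameQualifier must be echoed exactly.
        if (want_fmt.endswith(":persistent") and want_spnq is not None
                and name_id.get("SPNameQualifier") != want_spnq):
            problems.append((aid, "SPNameQualifier", name_id.get("SPNameQualifier")))
    return problems

def _request(fmt, spnq):  # constructed sample AuthnRequest
    return ('<samlp:AuthnRequest xmlns:samlp="%s"><samlp:NameIDPolicy Format="%s" '
            'SPNameQualifier="%s"/></samlp:AuthnRequest>' % (NS["samlp"], fmt, spnq))

def _response(aid, fmt, spnq):  # constructed sample Response with one assertion
    return ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s"><saml:Assertion ID="%s">'
            '<saml:Subject><saml:NameID Format="%s" SPNameQualifier="%s">x1</saml:NameID>'
            '</saml:Subject></saml:Assertion></samlp:Response>'
            % (NS["samlp"], NS["saml"], aid, fmt, spnq))

SP = "https://sp.example.org"  # constructed entity ID
REQ = _request(FMT + "persistent", SP)

if __name__ == "__main__":
    print(check_name_ids(REQ, _response("_a1", FMT + "persistent", SP)))
    print(check_name_ids(REQ, _response("_a2", FMT + "transient", SP)))
    print(check_name_ids(REQ, _response("_a3", FMT + "persistent", "https://other.example")))
```

Such a check belongs after signature validation of the response, since it only compares attribute values and says nothing about who produced them.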