OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] PE2 and <ArtifactResolutionService>

> The text in SAMLProf at para (Line 639), however, is just 
> another bare statement in the conjunction set that is the 
> specification ... unlike all the other appearances of Metadata 
> uses, including in the numbered Metadata sections, each 
> use/para of which is couched in a bed of SHOULD/MAY 
> conditionals and non-normative text. 

You're right, when you mentioned PE2, I was confusing this text with my
suggested addition to bindings. This statement is a little strong and
probably should have been qualified.

> Perhaps that "if you do use it" text you mention should be 
> added there (e.g. if the artifact issuer does use metadata 
> as specified in [SAMLMeta])?


> What do you think, as well, of adding in SAMLMeta text some
> text about this in SSODescriptorType, for any entity delivering
> requests or responses using HTTP Artifact ... in parallel to 
> the way SingleSignOnService is couched, wrt to any SAML authority
> that supports the Authentication Request protocol (aka IDP)?

Probably. As the errata noted, this could go on essentially endlessly where
metadata is concerned, and I don't think anybody is supplying the cycles to
do this work right now, but volunteers are welcome.

Adding a ton of clarifications though is really more than errata and could
be addressed for now as implementation guidelines, something else that needs

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]