
security-services message


Subject: Re: [security-services] SSO Profile confusion

Thomas Wisniewski wrote:
> Can you clarify the following bullets in Profiles: 576, 578, and 580, 
> and 584 -- which seem to contradict the above statement. They imply that 
> one MUST verify various pieces against *any* bearer conf method (even if 
> there is one that satisfied all requirements already)?

As Brian said, I don't think it makes sense to check all of them based 
on the rules that always made confirmation "any one of".

Plus if you did check them all, they'd all have the same values and it 
would just be silly to have them, right?

I think it's just a matter of changing "any" to "the" or perhaps "a". We 
need some language to explain the concept here, I guess, that you're 
looking for a bearer method that contains all the required attributes 
(Recipient and NotOnOrAfter) and also passes the checking.

But what to do with multiple assertions is still too vague, not to 
mention multiple authn statements. Nobody but me seemed to be all that 
bothered by it at the time, so I concluded that having implemented it 
before in 1.1, that I was the only one confused by that.

-- Scott
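
The "any one of" reading discussed in this message, as an added example that is not part of the original post or of the specification text: the subject is confirmed when at least one bearer SubjectConfirmation carries both Recipient and NotOnOrAfter and passes both checks by itself. Element names and the bearer URI follow SAML 2.0 naming (an assumption, the message does not spell them out); the function names, sample subject and ACS URLs are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed sample: two bearer confirmations, only the second names our ACS URL.
SAMPLE_SUBJECT = """<saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData Recipient="https://other.example.org/acs"
        NotOnOrAfter="2030-01-01T00:05:00Z"/>
  </saml:SubjectConfirmation>
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData Recipient="https://sp.example.org/acs"
        NotOnOrAfter="2030-01-01T00:05:00Z"/>
  </saml:SubjectConfirmation>
</saml:Subject>"""

def parse_instant(value):
    # SAML instants are UTC; treat a value without an offset as UTC as well.
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def bearer_satisfied(sc, acs_url, now):
    """True only if this single confirmation is bearer and passes every check."""
    if sc.get("Method") != BEARER:
        return False
    data = sc.find("saml:SubjectConfirmationData", NS)
    if data is None:
        return False
    recipient, expiry = data.get("Recipient"), data.get("NotOnOrAfter")
    if recipient is None or expiry is None:
        return False  # a missing required attribute fails, it is not a wildcard
    try:
        not_on_or_after = parse_instant(expiry)
    except ValueError:
        return False
    return recipient == acs_url and now < not_on_or_after

def subject_confirmed(subject_xml, acs_url, now):
    # Assumes the enclosing assertion's signature has already been verified.
    subject = ET.fromstring(subject_xml)
    return any(bearer_satisfied(sc, acs_url, now)
               for sc in subject.findall("saml:SubjectConfirmation", NS))
```

Both checks are evaluated against the same element, so a subject with one confirmation that has the right Recipient but is expired and another that is still valid but names a different Recipient is rejected.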
