
security-services message


Subject: RE: [security-services] Two potential errata items

I took action items to propose clarification text for these items. Jahan,
please create errata for them.

First, Rob's issue about the use of default indexed endpoints in metadata:

Suggest we modify Metadata, line 272:

"In any such sequence of indexed endpoints that share a common element name
and namespace (i.e. all instances of <md:AssertionConsumerService> within a
role), the default endpoint is..."

Finally, YALI (yet another logout issue):

I reviewed all the text in core and profiles and I conclude that Conor was
right. There's already text in core that's explicit about the relationship
between SessionIndex in LogoutRequest and AuthnStatement, so his suggestion,
modified a bit, makes sense:

Change Core, line 2546:

"The index of the session between the principal identified by the
<saml:BaseID>, <saml:NameID>, or <saml:EncryptedID> element, and the session
authority. This must correlate to the SessionIndex attribute, if any, in the
<saml:AuthnStatement> of the assertion used to establish the session that is
being terminated."

For clarity around why an SP MUST include SessionIndex in the SLO profile, I
suggest changing Profiles, lines 1302-1304 to:

"If the requester is a session participant, it MUST include at least one
<SessionIndex> element in the request. (Note that the session participant
always receives a SessionIndex attribute in the <saml:AuthnStatement>
elements that it receives to initiate the session, per section of
the Web Browser SSO Profile.)

If the requester is a session authority (or acting on its behalf), then it
MAY omit any such elements to indicate the termination of all of the
principal's applicable sessions."

-- Scott
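
The session selection that the proposed Core and Profiles wording implies, as an added example that is not part of the original message or of the SAML specifications. The function names, the session store layout and all sample values are constructed for illustration; the code assumes the message signature and issuer were already verified and handles only `<saml:NameID>`.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample: sessions recorded at SSO time, keyed by the NameID and the
# AuthnStatement SessionIndex of the assertion that established each session.
SESSIONS = [
    {"id": "local-1", "name_id": "alice@example.org", "session_index": "idx-A"},
    {"id": "local-2", "name_id": "alice@example.org", "session_index": "idx-B"},
    {"id": "local-3", "name_id": "bob@example.org", "session_index": "idx-A"},
]

def logout_request(name_id, indexes):
    """Build a constructed, unsigned LogoutRequest (hypothetical helper)."""
    items = "".join(f"<samlp:SessionIndex>{i}</samlp:SessionIndex>" for i in indexes)
    return (
        f'<samlp:LogoutRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'ID="_constructed" Version="2.0" IssueInstant="2005-01-01T00:00:00Z">'
        f"<saml:NameID>{name_id}</saml:NameID>{items}</samlp:LogoutRequest>"
    )

def sessions_to_terminate(xml_text, sessions, requester_is_participant):
    """Return the local session ids a LogoutRequest selects.

    Assumption: signature and issuer checks happened before this call.
    """
    root = ET.fromstring(xml_text)
    name_id = root.findtext("saml:NameID", namespaces=NS)
    if name_id is None:
        raise ValueError("only <saml:NameID> is handled here")
    indexes = {e.text for e in root.findall("samlp:SessionIndex", NS)}
    # A session participant MUST send at least one SessionIndex.
    if requester_is_participant and not indexes:
        raise ValueError("session participant omitted <SessionIndex>")
    # No SessionIndex from a session authority means all of the principal's
    # sessions; otherwise the index must correlate with the stored one.
    return [
        s["id"] for s in sessions
        if s["name_id"] == name_id
        and (not indexes or s["session_index"] in indexes)
    ]
```

Matching on both the principal and the index keeps a request for alice's `idx-A` from touching bob's session that happens to carry the same index value.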
