OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] errata: misuse of strongly matches

On 10/24/06, Scott Cantor <cantor.2@osu.edu> wrote:
> > The text on lines 1949--1953 satisfies the 80-20 rule, surely.  There
> > are some cases that are not covered, however.  For instance, I don't
> > think it makes sense to compare <BaseID> with <NameID>.
> No, but that's not allowed by that text, unless you think that satisfies the
> meaning of "identical".

I agree with your definition of "identical" but I think it only
applies to two elements of type NameIDType (after decryption of
course).  I don't know what it means for two elements of type
BaseIDAbstractType to be identical, let alone two elements of type

There's also the issue of the Format attribute.  The <NameID> element
defaults to Format "unspecified", so what if one element has no Format
attribute and the other is "unspecified"?  Two such <NameID> elements
might be called equivalent.  Is equivalence good enough on lines
2600--2601 of SAMLCore and 1299--1301 of SAMLProf?


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]