Subject: Re: comments: sstc-saml-x509-authn-attrib-profile-draft-11
Ari and I have agreed that I will submit draft-12 for review asap. All the previous comments re draft-11 seem fairly straightforward except the ones below. Comments welcome.

Tom

On 2/26/07, Tom Scavo <trscavo@gmail.com> wrote:
> Document identifier: sstc-saml-x509-authn-attrib-profile-draft-11
>
> [lines 188--189] This requirement assumes that the IdP is able to
> authenticate the SP, but nowhere in this section is client
> authentication required.
>
> [section 3] What are the security requirements of Basic Mode? This is
> not clear from reading this section.
>
> [lines 287--291] In effect, this key becomes a "previously established
> symmetric key." How long does this key remain a previously
> established symmetric key? In other words, should the IdP cache this
> symmetric key, or should it be discarded immediately after use?
>
> [lines 303--306] The <Assertion> signature is discussed, but what
> about the <Response>? Must it, too, satisfy FIPS 140-2 Security
> Requirements?
>
> Shouldn't this spec be cast as a "deployment profile"? I may be
> mistaken, but I thought it was agreed that this spec was to be
> formulated as a deployment profile.
>
> The diff is evidently against CD-02, but I believe it should be
> against draft-10, right?
>
> ----------------------