OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: Groups - Action Item Modified: #0294 Propose text and schemachange f...

Filling in details from Eve's template (note that I'm not 100% sure about my
use of terminology, so please review):

> If you can supply the following, I can turn it into a publishable form:
> - Who originally reported the issue and where

Ari Kermaier 


> - Which original SAML OASIS Standard doc(s) and/or schemas are
> problematic

SAML 2.0 Core spec for the NameIDMapping protocol

> - Relevant section number(s) at issue

Section 3.8.2

> - Line number(s) (in the PDF)

lines 2721-2724

> - Description of the issue and rationale for changing it

Spec defines the NameIDMappingResponseType as extending StatusResponseType
with the addition of a choice of saml:NameID or saml:EncryptedID element.
The schema does not indicate minoccurs="0", making exactly one of these
elements required in any samlp:NameIDMappingResponse.
What is the response supposed to look like if an error Status is being
returned? I would assume that the NameID/EncryptedID would have to be
omitted, but the schema doesn't allow it.

> - One or more options for how to change the original text, with
> exact text options

Line 2710: Change "[Required]" to "[Optional]"

After Line 2712, add:

"In the case of a Success response, one of these elements MUST be included.
In the case of an error response, these elements SHOULD be omitted.

Note that the specification, as originally published, erroneously made these
elements mandatory. For compatibility, receivers SHOULD ignore these
elements if present in an error response."

Line 2721: Add minOccurs="0" to choice:

<complexType name="NameIDMappingResponseType">
        <extension base="samlp:StatusResponseType">
            <choice minOccurs="0">
                <element ref="saml:NameID"/>
                <element ref="saml:EncryptedID"/>


On 5/17/07 8:26 AM, "bcampbell@pingidentity.com"
<bcampbell@pingidentity.com> wrote:

OASIS Security Services (SAML) TC member,

Mr Brian Campbell has modified
> this action item.
> Number: #0294
Description: Propose text and schema change
> Owner: Greg Whitehead
Status: Open
Mr Brian Campbell 2007-05-17 13:26 GMT

> http://lists.oasis-open.org/archives/security-services/200704/msg00068.html
> Is the original post on the subject and
> http://lists.oasis-open.org/archives/security-services/200704/maillist.html
> has pointers to the numerous replies.
View Details:
PLEASE NOTE:  If the above links do not work
> for you, your email application
may be breaking the link into two pieces.  You
> may be able to copy and paste
the entire link address into the address field
> of your web browser.

- OASIS Open Administration

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]