Re: [security-services] Comments on Tech Overview rev 13

["Tom Scavo" <trscavo@gmail.com>]

It was awhile ago, but if I recall, Scott subsequently corrected me
(and I think he's right).

Tom

On 7/19/07, Paul Madsen <paulmadsen@rogers.com> wrote:
> Thaks Tom, that would be my view as well -  but in the past thread you
> appear to be arguing the opposite for the 'resource' steps :-)
>
> ---------------------------------------------------------------------------------------------------
> Tom Scavo wrote
>
>  >> Eve wrote
>
>  > > - Sec 4.1.2, Figure 12 (and globally throughout all the figures): I
>  > > suspect the arrow for step 1, "Access resource", is supposed to be
>  > > dotted, not solid, because it's out of band for SAML.  (This is
>  > > probably a bug of long standing -- I'm sorry!)
>
> My interpretation is just the opposite.  By all indications, steps 1
> and 7 are in band and in scope.  In particular, see sections 4.1.3.1
> and 4.1.3.6 in SAMLProf.
> ---------------------------------------------------------------------------------------------------
>
> paul
>
> Tom Scavo wrote:
> > Paul, I think a dotted line should signify a step that is out of
> > scope.  In that case, all four of the steps you mentioned would be
> > represented by dotted lines, I believe.
> >
> > That's my two cents worth, anyway. :-)
> >
> > Tom
> >
> > On 7/19/07, Paul Madsen <paulmadsen@rogers.com> wrote:
> >> Finally getting to my graphic editing AI
> >>
> >> The various sequence diagrams have some or all of the following message
> >> steps
> >>
> >> - Access Resource
> >> - Challenge for credentials
> >> - User Login
> >> - Supply resource
> >>
> >> Was it the agreement that the first & last are to be drawn as solid
> >> lines? And the middle 2 as dotted?
> >>
> >> Paul
> >>
> >> Tom Scavo wrote:
> >> > On 3/11/07, Eve L. Maler <Eve.Maler@sun.com> wrote:
> >> >>
> >> >> >> I personally don't think we need to hew to this rule.
> >> >> >
> >> >> > That's fine.  It's mostly pedagogical and not worth quibbling
> >> about in
> >> >> > general.  I personally find this to be a useful rule when writing
> >> >> > documentation and so forth since it leads to reasonably complete
> >> >> > end-to-end flows that novices can understand.
> >> >>
> >> >> I'm game to change it -- if Paul feels like doing the graphic
> >> >> editing!  But I don't feel it's absolutely essential unless
> >> >> something thinks we're making it more confusing this way.
> >> >
> >> > I'm okay with the single "swoopy arrow" :-) but did we agree that
> >> > steps 1 and 7 should be represented by a solid line?  That's my main
> >> > concern.
> >> >
> >> > Thanks,
> >> > Tom
> >> >
> >> >
> >>
> >> --
> >> Paul Madsen             e:paulmadsen @ ntt-at.com
> >> NTT                     p:613-482-0432
> >>                         m:613-302-1428
> >>                         aim:PaulMdsn5
> >>                         web:connectid.blogspot.com
> >>
> >>
> >
> >
>
> --
> Paul Madsen             e:paulmadsen @ ntt-at.com
> NTT                     p:613-482-0432
>                         m:613-302-1428
>                         aim:PaulMdsn5
>                         web:connectid.blogspot.com
>
>