OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [security-services] SAMLCore errors in mandating some second-level status codes


I agree with this suggestion.  IMO, we should use this as a template in all spots where 2nd-level codes are mentioned.

 

Rob Philpott

RSA, the Security Division of EMC
Senior Technologist  |  e-Mail: rphilpott@rsa.com  |  Office: +1 781-515-7115  |  Mobile: +1 617-510-0893

 

From: Cahill, Conor P [mailto:conor.p.cahill@intel.com]
Sent: Wednesday, August 29, 2007 8:38 PM
To: Philpott, Robert; security-services@lists.oasis-open.org
Subject: RE: [security-services] SAMLCore errors in mandating some second-level status codes

 

When I’ve been dealing with this issue in Liberty specs I’m editing, I prefer:

 

If none of the specified classes or declarations can be satisfied in accordance with the rules below, the responder MUST return a <Response> message with a top-level <StatusCode> value of …:Responder.  If a second-level <StatusCode> is included in the <Response> message it MUST have a value of “…:NoAuthnContext”. 

 

In other words saying you can leave off the second level status code, but if you do include one, it must be the one specified here.

 

Conor

 

 

If none of the specified classes or declarations can be satisfied in accordance with the rules below, then the responder MUST return a <Response> message with a top-level <StatusCode> value of urn:oasis:names:tc:SAML:2.0:status:Responder and MAY return a second-level <StatusCode> value of urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext.”

 

 



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]