[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] SAMLCore errors in mandating some second-level status codes
I agree with this suggestion. IMO,
we should use this as a template in all spots where 2nd-level codes
are mentioned. Rob Philpott RSA, the
Security Division of EMC From: Cahill, Conor P
[mailto:conor.p.cahill@intel.com] When I’ve been dealing with this issue in Liberty specs I’m
editing, I prefer: If none of the specified classes or
declarations can be satisfied in accordance with the rules below, the responder
MUST return a <Response> message with a top-level <StatusCode>
value of …:Responder. If a second-level <StatusCode> is included in
the <Response> message it MUST have a value of “…:NoAuthnContext”. In other words saying you can leave off the second level status
code, but if you do include one, it must be the one specified here. Conor “If none
of the specified classes or declarations can be satisfied in accordance with
the rules below, then the responder MUST return a <Response> message with a top-level
<StatusCode> value of urn:oasis:names:tc:SAML:2.0:status:Responder and MAY return a second-level <StatusCode> value of urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext.” |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]