[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Simple Sign not so simple
Scott Cantor wrote: >> > 3. A stance should be taken on use of UTF-8 encoding (presumably >> > this is the only encoding allowed by the binding). >> >> Ah, clarify this in other words? I guess we assumed since the macroscopic >> encoding is XML that that spec would address any byte-level encoding >> questions. > > For my purposes, no, it wasn't the intent. We don't force use of UTF-8 > anywhere in SAML at the moment. correct. what I meant by "..since the macroscopic encoding is XML that that spec would address.." is that the XML spec(s) itself addresses octet-level encoding issues. We, at the SimpleSign Binding, and SAML level overall, don't care. > If it's because some parsers can't handle anything but > UTF-8, I guess that's a reason. i wouldn't change the spec imv, something like this is more impl guidance. >> AFAIK, it doesn't really matter which we choose from a protocol > standpoint. >> Is there an implementation reason to prefer one over the other? > > Yes, see my response. gotcha. >> Our intent is that "...RelayState=value..." is _optional_ in the octet >> string that is constructed in step 2, and subsequently fed into the > signature >> function in step 3 of section 2.5. >> >> Can you suggest a way it can be clarified? > > There's text in SAMLBind for this, we just forgot to copy it. doh! my mistake, since I did the orig copying ;) > This where I > agree with Sampo's point...you shouldn't have to read HTTP-Redirect to > understand this one. ;-) agreed. =JeffH
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]