OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] Simple Sign not so simple

Scott Cantor wrote:
 >>  > 3. A stance should be taken on use of UTF-8 encoding (presumably
 >>  >    this is the only encoding allowed by the binding).
 >> Ah, clarify this in other words? I guess we assumed since the macroscopic
 >> encoding is XML that that spec would address any byte-level encoding
 >> questions.
 > For my purposes, no, it wasn't the intent. We don't force use of UTF-8
 > anywhere in SAML at the moment.

correct. what I meant by

   "..since the macroscopic encoding is XML that that spec would address.."

is that the XML spec(s) itself addresses octet-level encoding issues. We, at 
the SimpleSign Binding, and SAML level overall, don't care.

 > If it's because some parsers can't handle anything but
 > UTF-8, I guess that's a reason.

i wouldn't change the spec imv, something like this is more impl guidance.

 >> AFAIK, it doesn't really matter which we choose from a protocol
 > standpoint.
 >> Is there an implementation reason to prefer one over the other?
 > Yes, see my response.


 >> Our intent is that "...RelayState=value..." is _optional_ in the octet
 >> string that is constructed in step 2, and subsequently fed into  the
 > signature
 >> function in step 3 of section 2.5.
 >> Can you suggest a way it can be clarified?
 > There's text in SAMLBind for this, we just forgot to copy it.

doh!  my mistake, since I did the orig copying ;)

 > This where I
 > agree with Sampo's point...you shouldn't have to read HTTP-Redirect to
 > understand this one. ;-)



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]