OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] JIRA SECURITY-6 PE: Conflict with core in SSO profile on returning error Responses to SP

> I agree that there is a conflict between the current texts in Core and
> Profiles in terms of MUST vs. SHOULD, but if that can be resolved without
> changing the underlying nature of the guidance to implementers, I think
> would be a cleaner result.

I proposed the following compromise wording for Kantara:

"Identity Provider implementations MUST support the issuance of
<saml2p:Response> messages (with appropriate status codes) in the event that
authentication of the user is unsuccessful, provided that the user agent
remains available and an acceptable location to which to deliver the
response is available."

For errata purposes, I would s/MUST/SHOULD.

I'd probably also hold open the issue on our side pending finalization of
the language in the profile there. My feeling is that it's insufficient and
overly specific to talk only about "authn of the user", but I don't know
what else to say.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]