
security-services message



Subject: RE: [security-services] JIRA SECURITY-6 PE: Conflict with core in SSO profile on returning error Responses to SP


> I guess that's true, no easy way out. So we either elaborate on the
> error conditions side, or on what "acceptable location..." means.

A bit wordy, but how about this?

"Identity Provider implementations MUST/SHOULD support the issuance of
<saml2p:Response> messages (with appropriate status codes) in the event of
an error condition, provided that the user agent remains available and an
acceptable location to which to deliver the response is available. The
criteria for "acceptability" of a response location are not formally
specified, but are subject to Identity Provider policy and reflect its
responsibility to protect users from being sent to untrusted or possibly
malicious parties."

-- Scott
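
One way an Identity Provider might implement the "acceptable location" test that the proposed wording leaves to policy, as an added example that is not part of the original message or of any SAML specification. It assumes a policy of exact matching against endpoints registered in trusted SP metadata; the function name, entity ID and URLs are hypothetical.

```python
# Added illustration of one possible IdP policy; not text from the SAML specifications.
# The entity ID and URLs below are constructed sample values.
TRUSTED_SPS = {
    "https://sp.example.org/metadata": {
        "acs_urls": ("https://sp.example.org/saml/acs",
                     "https://sp.example.org/saml/acs-artifact"),
        "default_acs": "https://sp.example.org/saml/acs",
    },
}


def error_response_location(issuer, requested_acs_url, user_agent_available=True,
                            trusted_sps=TRUSTED_SPS):
    """Return (url, reason). url is None when the IdP should render a local
    error page instead of delivering a <saml2p:Response> anywhere."""
    if not user_agent_available:
        return None, "user agent no longer available"
    sp = trusted_sps.get(issuer)
    if sp is None:
        return None, "issuer not in trusted metadata"
    if requested_acs_url is None:
        # Request named no endpoint: fall back to the registered default.
        return sp["default_acs"], "default endpoint from metadata"
    # Exact string match only. Prefix or substring checks would accept
    # lookalike hosts and turn the error path into an open redirect.
    if requested_acs_url in sp["acs_urls"]:
        return requested_acs_url, "requested endpoint registered in metadata"
    return None, "requested endpoint not registered for this issuer"


if __name__ == "__main__":
    # Constructed sample requests: (Issuer, AssertionConsumerServiceURL).
    samples = [
        ("https://sp.example.org/metadata", "https://sp.example.org/saml/acs"),
        ("https://sp.example.org/metadata", None),
        ("https://sp.example.org/metadata", "https://sp.example.org.lookalike.example/saml/acs"),
        ("https://unknown.example/metadata", "https://unknown.example/acs"),
    ]
    for issuer, acs in samples:
        url, reason = error_response_location(issuer, acs)
        action = f"send error Response to {url}" if url else "show local error page"
        print(f"{issuer} -> {action} ({reason})")
```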



