Subject: RE: [security-services] JIRA SECURITY-6 PE: Conflict with core in SSO profile on returning error Responses to SP
That sounds good to me.

::Ari

> -----Original Message-----
> From: Scott Cantor [mailto:cantor.2@osu.edu]
> Sent: Tuesday, April 20, 2010 12:13 PM
> To: ARI KERMAIER; OASIS SSTC
> Subject: RE: [security-services] JIRA SECURITY-6 PE: Conflict with core
> in SSO profile on returning error Responses to SP
>
> > I guess that's true, no easy way out. So we either elaborate on the
> > error conditions side, or on what "acceptable location..." means.
>
> A bit wordy, but how about this?
>
> "Identity Provider implementations MUST/SHOULD support the issuance of
> <saml2p:Response> messages (with appropriate status codes) in the event
> of an error condition, provided that the user agent remains available
> and an acceptable location to which to deliver the response is
> available. The criteria for "acceptability" of a response location are
> not formally specified, but are subject to Identity Provider policy and
> reflect its responsibility to protect users from being sent to
> untrusted or possibly malicious parties."
>
> -- Scott
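
One possible Identity Provider policy for the "acceptable location" test in the wording proposed above, as an added example that is not part of the original thread or of any specification text. It assumes acceptability means an exact match against the AssertionConsumerService endpoints registered for the requesting SP; the registry contents, function names and return shape are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample registry: issuer entityID -> registered ACS URLs, default first.
# In a real deployment this would come from trusted SP metadata (assumption).
REGISTERED_ACS = {
    "https://sp.example.org/shibboleth": [
        "https://sp.example.org/Shibboleth.sso/SAML2/POST",
        "https://sp.example.org/Shibboleth.sso/SAML2/Artifact",
    ],
}

# Top-level SAML 2.0 status code for an error on the responder (IdP) side.
STATUS_RESPONDER = "urn:oasis:names:tc:SAML:2.0:status:Responder"


def acceptable_location(issuer, requested_acs):
    """Return the ACS URL an error Response may be sent to, or None.

    Policy assumed here: the issuer must be known, the URL must match a
    registered endpoint exactly (no prefix or host-only matching), and the
    endpoint must use https.
    """
    registered = REGISTERED_ACS.get(issuer)
    if not registered:
        return None  # unknown SP: nothing is acceptable
    # If the request named no ACS URL, fall back to the registered default.
    candidate = registered[0] if requested_acs is None else requested_acs
    if candidate not in registered:
        return None  # request-supplied URL is not one the SP registered
    if urlsplit(candidate).scheme != "https":
        return None
    return candidate


def handle_error(issuer, requested_acs, user_agent_available,
                 status=STATUS_RESPONDER):
    """Decide how to report an error condition, following the proposed wording."""
    if not user_agent_available:
        return {"action": "none"}  # nobody to carry a Response
    location = acceptable_location(issuer, requested_acs)
    if location is None:
        # Keep the user at the IdP rather than sending them to an
        # untrusted or possibly malicious party.
        return {"action": "local_error_page"}
    return {"action": "send_response", "destination": location, "status": status}
```
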