
Subject: RE: [security-services] JIRA SECURITY-6 PE: Conflict with core in SSO profile on returning error Responses to SP


That sounds good to me.
::Ari

> -----Original Message-----
> From: Scott Cantor [mailto:cantor.2@osu.edu]
> Sent: Tuesday, April 20, 2010 12:13 PM
> To: ARI KERMAIER; OASIS SSTC
> Subject: RE: [security-services] JIRA SECURITY-6 PE: Conflict with core
> in SSO profile on returning error Responses to SP
> 
> > I guess that's true, no easy way out. So we either elaborate on the
> > error conditions side, or on what "acceptable location..." means.
> 
> A bit wordy, but how about this?
> 
> "Identity Provider implementations MUST/SHOULD support the issuance of
> <saml2p:Response> messages (with appropriate status codes) in the event of
> an error condition, provided that the user agent remains available and an
> acceptable location to which to deliver the response is available. The
> criteria for "acceptability" of a response location are not formally
> specified, but are subject to Identity Provider policy and reflect its
> responsibility to protect users from being sent to untrusted or possibly
> malicious parties."
> 
> -- Scott
> 
> 


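Added example, not part of the original thread or of any SAML specification: one way an Identity Provider could apply the proposed wording, assuming its policy is "deliver error Responses only to an AssertionConsumerService URL registered in the requester's trusted metadata". The registry contents, function names and return shape are hypothetical.

```python
# Added illustration: one possible "acceptability" policy, not normative SAML text.
STATUS_REQUESTER = "urn:oasis:names:tc:SAML:2.0:status:Requester"

# Constructed sample registry: SP entityID -> ACS URLs taken from that SP's
# trusted metadata (hypothetical values). The first entry is the default.
REGISTERED_ACS = {
    "https://sp.example.org/saml": [
        "https://sp.example.org/saml/acs",
        "https://sp.example.org/saml/acs-artifact",
    ],
}


def acceptable_location(issuer, requested_acs):
    """Return the URL an error Response may be sent to, or None."""
    registered = REGISTERED_ACS.get(issuer)
    if not registered:
        return None  # unknown requester: nothing it supplied can be trusted
    if requested_acs is None:
        return registered[0]  # request named no location: use the default
    # Exact string match only. Prefix or substring matching would accept
    # look-alike URLs such as ".../acs.other.example".
    return requested_acs if requested_acs in registered else None


def handle_error(issuer, requested_acs, user_agent_available, status_code):
    """Decide how the IdP reports an error condition for one request."""
    if not user_agent_available:
        return {"action": "log_only"}  # no browser left to carry a response
    destination = acceptable_location(issuer, requested_acs)
    if destination is None:
        # Keep the user at the IdP instead of redirecting to an unvetted URL.
        return {"action": "local_error_page"}
    return {"action": "saml_response", "destination": destination,
            "status": status_code}


if __name__ == "__main__":
    sp = "https://sp.example.org/saml"
    for acs in ("https://sp.example.org/saml/acs", "https://other.example.net/acs"):
        print(acs, "->", handle_error(sp, acs, True, STATUS_REQUESTER))
```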