I agree with this re-wording.
Regards,
Bob Sunday
Security & Identity
Management | Sécurité et gestion de l'identité
Chief Information Officer
Branch | Direction du dirigeant principal de l'information
Treasury Board of Canada
Secretariat | Secrétariat du Conseil du Trésor du Canada
Ottawa, Canada K1A 0R5
Office: 613-941-4764
Email: robert.sunday@tbs-sct.gc.ca
Government of Canada |
Gouvernement du Canada
From:
ARI KERMAIER [mailto:ARI.KERMAIER@oracle.com]
Sent: April 21, 2010 1:05 PM
To: Scott Cantor; OASIS SSTC
Subject: RE: [security-services]
JIRA SECURITY-6 PE: Conflict with core in SSO profile on returning error
Responses to SP
That sounds good to me.
::Ari
> -----Original Message-----
> From: Scott Cantor [mailto:cantor.2@osu.edu]
> Sent: Tuesday, April 20, 2010 12:13 PM
> To: ARI KERMAIER; OASIS SSTC
> Subject: RE: [security-services] JIRA SECURITY-6 PE: Conflict with
> core in SSO profile on returning error Responses to SP
>
> > I guess that's true, no easy way out. So we either elaborate on the
> > error conditions side, or on what "acceptable location..."
means.
>
> A bit wordy, but how about this?
>
> "Identity Provider implementations MUST/SHOULD support the issuance
of
> <saml2p:Response> messages (with appropriate status codes) in the
> event of an error condition, provided that the user agent remains
> available and an acceptable location to which to deliver the response
> is available. The criteria for "acceptability" of a response
location
> are not formally specified, but are subject to Identity Provider
> policy and reflect its responsibility to protect users from being sent
> to untrusted or possibly malicious parties."
>
> -- Scott
>
>
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that generates
this mail. Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php