OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] Fwd: [OAUTH-WG] I-D Action: draft-ietf-oauth-saml2-bearer-05.txt

I can't say I necessarily disagree with you Scott, although maybe I
don't feel as strongly about it, but that change was introduced at the
specific request of a very large software vendor in order to allow for
interoperability with existing COTS products.

On Thu, Aug 4, 2011 at 10:45 AM, Cantor, Scott E. <cantor.2@osu.edu> wrote:
> On 8/4/11 11:36 AM, "Phillip Hunt" <phil.hunt@oracle.com> wrote:
>>Lastly the processing rules on the assertion have been relaxed
>>somewhat to allow for <SubjectConfirmationData> element(s) to be
>>optional when the <Conditions> element has a NotOnOrAfter attribute.
> Omitting subject confirmation just means the assertion has no security
> semantics or that it's "sender vouches". You could do bearer by
> implication, but that's sloppy. Assertions should be self-defining
> whenever possible, not punt their semantics to implication.
> -- Scott
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]