OASIS Mailing List Archives

security-use message



Subject: RE: Proposed Ballots for Issue Groups 6, 7, 8, 9




> 
> Also, group 8 may be somewhat confusing. I think that the scenario in
> [UC-8-02:IntermediaryAdd] is probably useful and would probably be
> common for systems that use intermediaries. However, the ones in
> [UC-8-03:IntermediaryDelete] and [UC-8-04:IntermediaryEdit] may be
> somewhat problematic and less useful. [UC-8-05:AtomicAssertions] tries
> to rationalize this problem with an explicit non-goal.

I agree with the sentiments expressed in [UC-8-05:AtomicAssertions].
I think SAML assertions should be atomic. I think managing valid
signatures over assertion fragments is an unnecessary complexity.

However, I think an intermediary might also in some cases legitimately
remove an atomic assertion, provided no signature was invalidated by doing
so. An example is pointed out in [UC-8-03:IntermediaryDelete]. In this case
the intermediary does it to make a purchase order anonymous, once it has
validated that purchase order. I would be happy to see a modified version of
[UC-8-03:IntermediaryDelete] that dealt with atomic assertions.

Nigel.

