OASIS Mailing List Archives

 



security-use message



Subject: Re: Proposed Ballots for Issue Groups 6, 7, 8, 9


>>>>> "EN" == Edwards, Nigel <Nigel_Edwards@hp.com> writes:

    EN> I agree with the sentiments expressed in
    EN> [UC-8-05:AtomicAssertions].  I think SAML assertions should be
    EN> atomic. I think managing valid signatures over assertion
    EN> fragments is an unnecessary complexity.

    EN> However, I think an intermediary might also in some cases
    EN> legitimately remove an atomic assertion, provided no signature
    EN> was invalidated by doing so.  An example is pointed out in
    EN> [UC-8-03:IntermediaryDelete]. In this case the intermediary
    EN> does it to make a purchase order anonymous, once it has
    EN> validated that purchase order. I would be happy to see a
    EN> modified version of [UC-8-03:IntermediaryDelete] that dealt
    EN> with atomic assertions.

So, there are a couple of options here. One is that the intermediary
simply drops the identifying authn assertion altogether (making any
authz decision assertions invalid, as far as I can tell). Or, it
replaces the authn assertion with one of its own.

Both make sense to me -- but it seems hard to state them as
requirements.

~ESP


