Subject: Re: Proposed Ballots for Issue Groups 6, 7, 8, 9
>>>>> "EN" == Edwards, Nigel <Nigel_Edwards@hp.com> writes:

EN> I agree with the sentiments expressed
EN> [UC-8-05:AtomicAssertions]. I think SAML assertions should be
EN> atomic. I think managing valid signatures over assertion
EN> fragments is an unnecessary complexity.

EN> However, I think an intermediary might also in some cases
EN> legitimately remove an atomic assertion, provided no signature
EN> was invalidated by doing so. An example is pointed out in
EN> [UC-8-03:IntermediaryDelete]. In this case the intermediary
EN> does it to make a purchase order anonymous, once it has
EN> validated that purchase order. I would be happy to see a
EN> modified version of [UC-8-03:IntermediaryDelete] that dealt
EN> with atomic assertions.

So, there are a couple of options here. One is that the intermediary simply drops the identifying authn assertion altogether (making any authz decision assertions invalid, as far as I can tell). Or, it replaces the authn assertion with one of its own.

Both make sense to me -- but it seems hard to state them as requirements.

~ESP