[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Carlisle's votes on 6-9, 11-12...
BALLOT
----------------------------------------------------------------------
[UC-6-01:XMLProtocol]
2. Leave current binding to SOAP.
[UC-7-01:Enveloping]
1. Add proposed requirement [CR-7-01:Enveloping].
[UC-7-02:Enveloped]
1. Add proposed requirement [CR-7-02:Enveloped].
[UC-8-01:Intermediaries]
1. Add proposed requirement [CR-8-01:Intermediaries].
[UC-8-02:IntermediaryAdd]
1. Add the given use-case scenario to the document.
[UC-8-03:IntermediaryDelete]
2. Don't add this use-case scenario.
[UC-8-04:IntermediaryEdit]
2. Don't add this use-case scenario.
[UC-8-05:AtomicAssertion]
1. Add the non-goal [CR-8-05:AtomicAssertion] to the document, and
change use case scenarios to specify that intermediaries must
treat assertions as atomic.
[UC-9-01:RuntimePrivacy]
1. Add the proposed non-goal [CR-9-01:RuntimePrivacy].
[UC-9-02:PrivacyStatement]
3. Add [CR-9-02-4-DisclosureMishra] as a requirement.
[UC-11-01:AuthzUseCase]
1. Continue to include this use case.
[UC-12-01:Confidentiality]
a) Confidentiality and integrity (C&I) protection of SAML messages is
required.
[UC-12-02:ConfidentialMessages]
c) C&I protection shall be specified both within the SAML message format and
within protocol bindings. Deployments can choose the appropriate solution.
For example, SAML messages within S/MIME documents do not need message-level
C&I protection, while SAML messages passed as HTTP cookies do.
[UC-12-03:EncryptionNow]
a) Integrity protection shall use XML DSIG, and confidentiality
protection shall not be available.
("...shall not be available at the SAML message layer, but may be available in the bindings layer.")
[UC-12-04:EncryptionLater]
b) SAML shall be revised to use XML Encryption.
("...to use XML Encryption at the SAML message layer.")
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC