Carlisle's votes on 6-9, 11-12...

[Carlisle Adams <carlisle.adams@entrust.com>]

Title: Carlisle's votes on 6-9, 11-12...

BALLOT
----------------------------------------------------------------------

[UC-6-01:XMLProtocol]

2. Leave current binding to SOAP.

[UC-7-01:Enveloping]

   1. Add proposed requirement [CR-7-01:Enveloping].

[UC-7-02:Enveloped]

   1. Add proposed requirement [CR-7-02:Enveloped].

[UC-8-01:Intermediaries]

   1. Add proposed requirement [CR-8-01:Intermediaries].

[UC-8-02:IntermediaryAdd]

   1. Add the given use-case scenario to the document.

[UC-8-03:IntermediaryDelete]

   2. Don't add this use-case scenario.

[UC-8-04:IntermediaryEdit]

   2. Don't add this use-case scenario.

[UC-8-05:AtomicAssertion]

   1. Add the non-goal [CR-8-05:AtomicAssertion] to the document, and
      change use case scenarios to specify that intermediaries must
      treat assertions as atomic.

[UC-9-01:RuntimePrivacy]

   1. Add the proposed non-goal [CR-9-01:RuntimePrivacy].

[UC-9-02:PrivacyStatement]

   3. Add [CR-9-02-4-DisclosureMishra] as a requirement.

[UC-11-01:AuthzUseCase]

1. Continue to include this use case.

[UC-12-01:Confidentiality]

a) Confidentiality and integrity (C&I) protection of SAML messages is
required.

[UC-12-02:ConfidentialMessages]

c) C&I protection shall be specified both within the SAML message format and
within protocol bindings. Deployments can choose the appropriate solution.
For example, SAML messages within S/MIME documents do not need message-level
C&I protection, while SAML messages passed as HTTP cookies do.

[UC-12-03:EncryptionNow]

a) Integrity protection shall use XML DSIG, and confidentiality
protection shall not be available.

("...shall not be available at the SAML message layer, but may be available in the bindings layer.")

[UC-12-04:EncryptionLater]

b) SAML shall be revised to use XML Encryption.

("...to use XML Encryption at the SAML message layer.")