[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Public Review of SAMLv2.0 HTTP POST "SimpleSign" Binding - 15 day review
To OASIS members, Public Announce Lists: The OASIS Security Services TC has recently approved the following specification as a Committee Draft and approved the package for public review: SAMLv2.0 HTTP POST "SimpleSign" Binding Version 1.0 The public review starts today, 23 December 2008, and ends 9 January 2009. This specification was previously submitted for a 60-day public review on 11 December 2007[1]; this 15-day review is limited in scope to changes made from the previous review. The only change is noted below[2]. This is an open invitation to comment. We strongly encourage feedback from potential users, developers and others, whether OASIS members or not, for the sake of improving the interoperability and quality of OASIS work. More non-normative information about the specification and the technical committee may be found at the public home page of the TC at http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security. Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be located via the button marked "Send A Comment" at the top of that page, or directly at http://www.oasis-open.org/committees/comments/index.php?wg_abbrev=security. Submitted comments (for this work as well as other works of that TC) are publicly archived and can be viewed at http://lists.oasis-open.org/archives/security-comment/. All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. The specification document and related files are available here: Editable Source: http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-binding-simplesig n-cd-04.odt PDF: http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-binding-simplesig n-cd-04.pdf HTML: http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-binding-simplesig n-cd-04.html OASIS and the Security Services TC welcome your comments. --------------------------------------------------- Mary P McRae Director, Technical Committee Administration OASIS: Advancing open standards for the information society email: mary.mcrae@oasis-open.org web: www.oasis-open.org phone: 1.603.232.9090 [1] http://lists.oasis-open.org/archives/tc-announce/200712/msg00004.html [2] Added the following clarifying text to section 2.5.2 regarding the treatment of an empty RelayState value in signature processing. Note that if there is no RelayState value, the entire parameter should be omitted from the signature computation (and not included as an empty parameter name), resulting in a string of one of these forms: SAMLRequest=value&SigAlg=value SAMLResponse=value&SigAlg=value
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]