OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: SAML profile and interop scenario documents notes


Some issues re SAML interop scenarios and profiles docs...

Issue 1: In the interop scenarios doc, some of the examples used
MajorVersion = 1, MinorVersion = 0 in the SAML assertion. Shouldn't this
be be MajorVersion = 1, MinorVersion = 1 as this is the latest public
SAML spec. The SAMLCore and SAMLBind documents use SAML version of

Issue 2: Some scenarios in the doc do not use Conditions elements,
others do. Should we be consistent? It seems like lifetime as expressed
thro conditions are fundamental to security tokens and as such MUST be
required by our profiles and interop scenarios. Thoughts?

Issue 3: In the interop scenarios doc, for the NameIdentifier element,
the format attribute is not used, but the NameQualifier attribute was
used. The next revision of SAML core doc seems to move in terms of
favoring format attribute. It would be nice for us to do the same. 

Issue 4: If an implementation needs to comply with multiple profiles,
how do we indicate which profile of SAML token we are talking about? One
option is to use the SAML advice field, though the concern here is that
this field is not subject to processing requirements. Thoughts?


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]