Subject: RE: [wss] SAML profile and interop scenario documents notes
Maneesh,

Thanks for the comments. The correct URN for sender-vouches will be included in the next update.

Regarding processing of the Conditions element: the only scenario that does not include the Conditions element is the minimal scenario 1, line 204. The other 3 scenarios (see lines 385, 578, and 822) do include the Conditions element, and in each case where it is included, the section *.4.2.3.1 contains a statement indicating that the Conditions must contain valid NotBefore and NotAfter attributes. (Note: there is a section discrepancy: section 5.4.2.4 should be 5.4.2.3 and the subsections should be broken out. I will fix that.)

For now I will leave the Conditions as Mandatory for all 3 scenarios because my sense is that the questions have been about consistency of the scenarios rather than whether the Conditions should be optional. It would seem to me that scenario 1 demonstrates the optional nature of the Conditions element in the minimal scenario, but the other 3 scenarios are intended to represent potentially secure use cases, in which it seems likely to me that assertion issuers will place validity intervals on the assertions.

However, I do sense that there is sentiment to make the inclusion of Conditions optional for all scenarios. If this is the case, please give me additional feedback that directly requests this change as distinct from the "consistency" issue. However, as I indicated above, it "seems" to me to be reasonable to make it mandatory for the scenarios, but if not then it can be changed.

Rich

> -----Original Message-----
> From: Maneesh Sahu [mailto:maneesh@westbridgetech.com]
> Sent: Wednesday, April 14, 2004 5:52 PM
> To: Vijay Gajjala; wss@lists.oasis-open.org; Levinson, Richard
> Subject: RE: [wss] SAML profile and interop scenario documents notes
>
> > Issue 2: Some scenarios in the doc do not use Conditions elements,
> > others do. Should we be consistent? It seems like lifetime as expressed
> > thro conditions are fundamental to security tokens and as such MUST be
> > required by our profiles and interop scenarios. Thoughts?
>
> [MS] The interop document has only the SenderVouches:Unsigned
> scenario as one that doesn't require processing of
> Conditions. Could we make the Conditions element optional
> here but require processing if present?
>
> Regarding different confirmation method names for
> sender-vouches, there are already three different values for
> confirmation method elements for
> Sender-Vouches:* in the Interop document:
>
> urn:oasis:names:tc:SAML:1.0:cm:sender-vouches
> (Line-273,Page-11 , L-465,P-17, L-662,P-25)
> urn:oasis:names:tc:SAML:cm:sender-vouches
> (Line-220,Page-9 , L-238,P-10 , L-404,P-16 , L-425,P-17)
> urn:oasis:tc:SAML:cm:sender-vouches
> (Line-606,P-23)
>
> The WSS SAML TP document lists only
> urn:oasis:names:tc:SAML:1.0:cm:sender-vouches.
>
> --ms