
wss message



Subject: RE: [wss] SAML profile and interop scenario documents notes


Maneesh,

Thanks for the comments. The correct URN for sender-vouches will be 
included in the next update.

Regarding processing of the Conditions element: the only scenario
that does not include the Conditions element is the minimal scenario 1, 
line 204. The other 3 scenarios (see lines 385, 578, and 822) do include
the Conditions element, and in each case where it is included, the 
section *.4.2.3.1 contains a statement indicating that the Conditions
must contain valid NotBefore and NotAfter attributes. (Note: there
is a section discrepancy: section 5.4.2.4 should be 5.4.2.3 and the
subsections should be broken out. I will fix that.)

For now I will leave the Conditions as Mandatory for all 3 scenarios
because my sense is that the questions have been about consistency
of the scenarios rather than whether the Conditions should be optional. 

It would seem to me that scenario 1 demonstrates the optional nature
of the Conditions element in the minimal scenario, but the other 3
scenarios are intended to represent potentially secure use cases,
in which it seems likely to me that assertion issuers will place
validity intervals on the assertions. 

However, I do sense that there is sentiment to make the inclusion
of Conditions optional for all scenarios. If this is the case,
please give me additional feedback that directly requests this
change as distinct from the "consistency" issue. However, as I indicated
above, it "seems" to me to be reasonable to make it mandatory for
the scenarios, but if not then it can be changed. 

	Rich 

> -----Original Message-----
> From: Maneesh Sahu [mailto:maneesh@westbridgetech.com] 
> Sent: Wednesday, April 14, 2004 5:52 PM
> To: Vijay Gajjala; wss@lists.oasis-open.org; Levinson, Richard
> Subject: RE: [wss] SAML profile and interop scenario documents notes
> 
> 
> > Issue 2: Some scenarios in the doc do not use Conditions elements,
> > others do. Should we be consistent? It seems like lifetime as expressed
> > through conditions are fundamental to security tokens and as such MUST be
> > required by our profiles and interop scenarios. Thoughts?
> 
> [MS] The interop document has only the SenderVouches:Unsigned 
> scenario as one that doesn't require processing of 
> Conditions. Could we make the Conditions element optional 
> here but require processing if present?
> 
> Regarding different confirmation method names for 
> sender-vouches, there are already three different values for 
> confirmation method elements for
> Sender-Vouches:* in the Interop document:
> 
>   urn:oasis:names:tc:SAML:1.0:cm:sender-vouches 
>       (Line-273,Page-11 , L-465,P-17, L-662,P-25)
>   urn:oasis:names:tc:SAML:cm:sender-vouches 
>       (Line-220,Page-9 , L-238,P-10 , L-404,P-16 , L-425,P-17)
>   urn:oasis:tc:SAML:cm:sender-vouches 
>       (Line-606,P-23)
> 
> The WSS SAML TP document lists only
> urn:oasis:names:tc:SAML:1.0:cm:sender-vouches.
> 
> --ms
> 
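
An added example, not part of the original messages or of the OASIS documents: a receiver-side check combining the two points raised in this thread, accepting only the sender-vouches URN that the WSS SAML TP document lists and processing Conditions whenever it is present, even where it is optional. The function names, the `require_conditions` switch and the sample assertion are assumptions made for illustration; the validity interval is read from the SAML 1.x schema attributes `NotBefore` and `NotOnOrAfter`, and signature verification is out of scope.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML = "{urn:oasis:names:tc:SAML:1.0:assertion}"
# The one sender-vouches URN that, per the thread, the WSS SAML TP document lists.
SENDER_VOUCHES = "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches"

def _ts(value):
    # Assumes whole-second UTC instants such as 2004-04-14T21:52:00Z.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def sample(method, conditions=""):
    """Constructed, unsigned SAML 1.x assertion used only as sample input."""
    return ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">'
            + conditions +
            '<saml:AuthenticationStatement><saml:Subject><saml:SubjectConfirmation>'
            '<saml:ConfirmationMethod>' + method + '</saml:ConfirmationMethod>'
            '</saml:SubjectConfirmation></saml:Subject>'
            '</saml:AuthenticationStatement></saml:Assertion>')

def check_assertion(xml_text, now, require_conditions=False):
    """Return a list of findings; an empty list means the assertion passed."""
    findings = []
    # For untrusted input, parse with a hardened parser such as defusedxml.
    root = ET.fromstring(xml_text)
    methods = [m.text.strip() for m in root.iter(SAML + "ConfirmationMethod") if m.text]
    if not methods:
        findings.append("no ConfirmationMethod")
    for method in methods:
        # Near-miss variants (missing "names" or "1.0") are rejected, not normalised.
        if method != SENDER_VOUCHES:
            findings.append("unrecognised confirmation method: " + method)
    cond = root.find(SAML + "Conditions")
    if cond is None:
        if require_conditions:
            findings.append("Conditions missing")
        return findings
    # Conditions is present, so it is always processed.
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before is None or not_on_or_after is None:
        findings.append("Conditions lacks a validity interval")
        return findings
    if now < _ts(not_before):
        findings.append("not yet valid")
    if now >= _ts(not_on_or_after):
        findings.append("expired")
    return findings
```
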

