RE: [security-services] A browser/POST question... - Jahan Moreh - org.oasis-open.lists.security-services

26 messages in org.oasis-open.lists.security-servicesRE: [security-services] A browser/POS...

From	Sent On	Attachments
Philpott, Robert	Apr 30, 2003 5:53 pm
Scott Cantor	Apr 30, 2003 8:52 pm
Eve L. Maler	May 1, 2003 7:16 am
Scott Cantor	May 1, 2003 7:23 am
Eve L. Maler	May 1, 2003 7:40 am
Scott Cantor	May 1, 2003 8:01 am
Mishra, Prateek	May 1, 2003 8:21 am
Scott Cantor	May 1, 2003 8:29 am
Philpott, Robert	May 1, 2003 9:34 am
Scott Cantor	May 1, 2003 10:29 am
Eve L. Maler	May 1, 2003 10:32 am
Mishra, Prateek	May 1, 2003 11:38 am
Scott Cantor	May 1, 2003 11:45 am
Mishra, Prateek	May 1, 2003 11:58 am
Philpott, Robert	May 1, 2003 12:07 pm
Scott Cantor	May 1, 2003 12:07 pm
Philpott, Robert	May 1, 2003 12:28 pm
Mishra, Prateek	May 1, 2003 1:04 pm
Eve L. Maler	May 1, 2003 3:37 pm
Jahan Moreh	May 1, 2003 5:50 pm
Jahan Moreh	May 1, 2003 6:51 pm
Philpott, Robert	May 1, 2003 8:41 pm
Eve L. Maler	May 2, 2003 6:50 am
Eve L. Maler	May 2, 2003 6:50 am
Eve L. Maler	May 2, 2003 7:39 am
Jahan Moreh	May 2, 2003 9:01 am

Subject:	RE: [security-services] A browser/POST question...
From:	Jahan Moreh (jmo...@sigaba.com)
Date:	May 2, 2003 9:01:42 am
List:	org.oasis-open.lists.security-services

Eve- PE20 is the number. I was going to even include the exact text in the disposition. I will publish the errata doc later today.

Thanks, Jahan

-----Original Message----- From: Eve L. Maler [mailto:eve....@sun.com] Sent: Friday, May 02, 2003 7:51 AM To: ''secu...@lists.oasis-open.org ' ' Subject: Re: [security-services] A browser/POST question...

Jahan, can I assume that this will get a PE20 designation in the errata document now that it seems this has settled down? (I will take that chance and mention this number in the revision history.) The disposition would be something like "revised text worked out on the list, expecting TC approval at next opportunity". Thanks!

Eve

Philpott, Robert wrote:

And if I might tweak the tweak...

Change "subject-containing" to "subject-based"?

-----Original Message----- From: Eve L. Maler [mailto:eve....@sun.com] Sent: Thursday, May 01, 2003 6:50 PM To: ''secu...@lists.oasis-open.org ' ' Subject: Re: [security-services] A browser/POST question...

I would editorially tweak as follows (since it would be pretty unusual for there to be real saml:SubjectStatement elements present):

Every subject-containing statement present in the assertion(s) returned to the destination site MUST also contain a <SubjectConfirmation> element. The <ConfirmationMethod> element in the <SubjectConfirmation> MUST be set to urn:oasis:names:tc:SAML:1.0:cm:bearer.

Eve

Mishra, Prateek wrote:

Scott, Rob:

(1) Thanks for your paitence ! (2) I finally understood the problem (that took a while!) (3) I have no problem with the following proposed text:

Does this work? This one is for bearer, but we can update the artifact-01 case similarly. It precludes the case I described in my last message, but I really am okay with the semantics described here...

------------------- Every <saml:SubjectStatement> present in the assertion(s) returned to the destination site MUST contain a <saml:SubjectConfirmation> element. The <saml:ConfirmationMethod> element in the <saml:SubjectConfirmation> MUST be set to urn:oasis:names:tc:SAML:1.0:cm:bearer.

-------------------

4) I agree this is kind of goofy overall and probably needs to be

revised in

SAML 2.0. For good or bad it was sort of the proposal in 1.0.

- prateek

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets