26 messages in org.oasis-open.lists.security-servicesRE: [security-services] A browser/POS...| From | Sent On | Attachments |
|---|---|---|
| Philpott, Robert | Apr 30, 2003 5:53 pm | |
| Scott Cantor | Apr 30, 2003 8:52 pm | |
| Eve L. Maler | May 1, 2003 7:16 am | |
| Scott Cantor | May 1, 2003 7:23 am | |
| Eve L. Maler | May 1, 2003 7:40 am | |
| Scott Cantor | May 1, 2003 8:01 am | |
| Mishra, Prateek | May 1, 2003 8:21 am | |
| Scott Cantor | May 1, 2003 8:29 am | |
| Philpott, Robert | May 1, 2003 9:34 am | |
| Scott Cantor | May 1, 2003 10:29 am | |
| Eve L. Maler | May 1, 2003 10:32 am | |
| Mishra, Prateek | May 1, 2003 11:38 am | |
| Scott Cantor | May 1, 2003 11:45 am | |
| Mishra, Prateek | May 1, 2003 11:58 am | |
| Philpott, Robert | May 1, 2003 12:07 pm | |
| Scott Cantor | May 1, 2003 12:07 pm | |
| Philpott, Robert | May 1, 2003 12:28 pm | |
| Mishra, Prateek | May 1, 2003 1:04 pm | |
| Eve L. Maler | May 1, 2003 3:37 pm | |
| Jahan Moreh | May 1, 2003 5:50 pm | |
| Jahan Moreh | May 1, 2003 6:51 pm | |
| Philpott, Robert | May 1, 2003 8:41 pm | |
| Eve L. Maler | May 2, 2003 6:50 am | |
| Eve L. Maler | May 2, 2003 6:50 am | |
| Eve L. Maler | May 2, 2003 7:39 am | |
| Jahan Moreh | May 2, 2003 9:01 am |
| Subject: | RE: [security-services] A browser/POST question... | |
|---|---|---|
| From: | Mishra, Prateek (pmis...@netegrity.com) | |
| Date: | May 1, 2003 11:58:41 am | |
| List: | org.oasis-open.lists.security-services | |
Agreed, there is some confusion here concerning the repeated occurrence of SubjectStatement. This is not clearly described: instead assertions are described as holding ConfirmationMethods in the text. Sigh ! This is a consequence of the relatively late "generalization" in SAML 1.0 wherein assertions could hold multiple statements (and each statement carries <ConfirmationMethod> and other stuff!).
OK, so the proposed clarification would be replace: 1)
Section 4.1.1.6
The <saml:ConfirmationMethod> element of each assertion MUST be set to urn:oasis:names:tc:SAML:1.0:cm:artifact-01.
BY
The <saml:ConfirmationMethod> element of each statement in each assertion MUST be set to urn:oasis:names:tc:SAML:1.0:cm:artifact-01
2)
Section 4.1.2.5
The <saml:ConfirmationMethod> element of each assertion MUST be set to urn:oasis:names:tc:SAML:1.0:cm:bearer.
BY
The <saml:ConfirmationMethod> element of each statement in each assertion MUST be set to urn:oasis:names:tc:SAML:1.0:cm:bearer.
- prateek
c: 781-308-5198
-----Original Message----- From: Scott Cantor To: 'Mishra, Prateek'; 'Philpott, Robert '; '''Eve L. Maler' ' '; secu...@lists.oasis-open.org Sent: 5/1/2003 2:57 PM Subject: RE: [security-services] A browser/POST question...
My problem is that this is a change in semantics. Instead of ALL assertions being transferred as "bearer" assertions only the SSO assertions now have these properties.
Both the artifact and FORM/Post profile permit multiple assertions to be transferred. In each case, the <ConfirmationMethod> is to be set appropriately either to "artifact" or to "bearer".
If that's true (and it does match what the text says), then we should at least edit the text to properly clarify that *every* SubjectStatement (or derived element thereof) is to include that method.
Saying "the assertion contains" is something that shows up all over and just creates confusion in the same way that having multiple assertions in responses can create confusion if the language just implies one.
-- Scott