26 messages in org.oasis-open.lists.security-servicesRE: [security-services] A browser/POS...| From | Sent On | Attachments |
|---|---|---|
| Philpott, Robert | Apr 30, 2003 5:53 pm | |
| Scott Cantor | Apr 30, 2003 8:52 pm | |
| Eve L. Maler | May 1, 2003 7:16 am | |
| Scott Cantor | May 1, 2003 7:23 am | |
| Eve L. Maler | May 1, 2003 7:40 am | |
| Scott Cantor | May 1, 2003 8:01 am | |
| Mishra, Prateek | May 1, 2003 8:21 am | |
| Scott Cantor | May 1, 2003 8:29 am | |
| Philpott, Robert | May 1, 2003 9:34 am | |
| Scott Cantor | May 1, 2003 10:29 am | |
| Eve L. Maler | May 1, 2003 10:32 am | |
| Mishra, Prateek | May 1, 2003 11:38 am | |
| Scott Cantor | May 1, 2003 11:45 am | |
| Mishra, Prateek | May 1, 2003 11:58 am | |
| Philpott, Robert | May 1, 2003 12:07 pm | |
| Scott Cantor | May 1, 2003 12:07 pm | |
| Philpott, Robert | May 1, 2003 12:28 pm | |
| Mishra, Prateek | May 1, 2003 1:04 pm | |
| Eve L. Maler | May 1, 2003 3:37 pm | |
| Jahan Moreh | May 1, 2003 5:50 pm | |
| Jahan Moreh | May 1, 2003 6:51 pm | |
| Philpott, Robert | May 1, 2003 8:41 pm | |
| Eve L. Maler | May 2, 2003 6:50 am | |
| Eve L. Maler | May 2, 2003 6:50 am | |
| Eve L. Maler | May 2, 2003 7:39 am | |
| Jahan Moreh | May 2, 2003 9:01 am |
| Subject: | RE: [security-services] A browser/POST question... | |
|---|---|---|
| From: | Philpott, Robert (rphi...@rsasecurity.com) | |
| Date: | May 1, 2003 8:41:39 pm | |
| List: | org.oasis-open.lists.security-services | |
And if I might tweak the tweak...
Change "subject-containing" to "subject-based"?
Rob Philpott RSA Security Inc. The Most Trusted Name in e-Security Tel: 781-515-7115 Mobile: 617-510-0893 Fax: 781-515-7020 mailto:rphi...@rsasecurity.com
-----Original Message----- From: Eve L. Maler [mailto:eve....@sun.com] Sent: Thursday, May 01, 2003 6:50 PM To: ''secu...@lists.oasis-open.org ' ' Subject: Re: [security-services] A browser/POST question...
I would editorially tweak as follows (since it would be pretty unusual for there to be real saml:SubjectStatement elements present):
Every subject-containing statement present in the assertion(s) returned to the destination site MUST also contain a <SubjectConfirmation> element. The <ConfirmationMethod> element in the <SubjectConfirmation> MUST be set to urn:oasis:names:tc:SAML:1.0:cm:bearer.
Eve
Mishra, Prateek wrote:
Scott, Rob:
(1) Thanks for your paitence ! (2) I finally understood the problem (that took a while!) (3) I have no problem with the following proposed text:
Does this work? This one is for bearer, but we can update the artifact-01 case similarly. It precludes the case I described in my last message, but I really am okay with the semantics described here...
------------------- Every <saml:SubjectStatement> present in the assertion(s) returned to the destination site MUST contain a <saml:SubjectConfirmation> element. The <saml:ConfirmationMethod> element in the <saml:SubjectConfirmation> MUST be set to urn:oasis:names:tc:SAML:1.0:cm:bearer.
-------------------
4) I agree this is kind of goofy overall and probably needs to be revised in SAML 2.0. For good or bad it was sort of the proposal in 1.0.
- prateek
-- Eve Maler +1 781 442 3190 Sun Microsystems cell +1 781 354 9441 Web Technologies and Standards eve.maler @ sun.com