SUMMARY: I am making the editorial recommendation that we remove the word
SSO from lines 523-524. It would then read:
I agree with that change.
RSA Security Inc.
The Most Trusted Name in e-Security
From: Mishra, Prateek [mailto:pmis...@netegrity.com]
Sent: Tuesday, May 20, 2003 4:35 PM
Subject: [security-services] ooops, or error on lines 523-524 of binding
Lines 523-524 of bindings-07 state:
In steps 4 and 5, the destination site, in effect, dereferences the >one
more SAML artifacts in its possession in order to acquire a >>SAML SSO
assertion that corresponds to each artifact.
Unfortunately, this is a botched correction of an earlier incorrect
statement in cs-sstc-bindings-01:
500 - 501
"dereferences the one or more SAML artifacts in its possession in order to
acquire a SAML authentication assertion that corresponds to each artifact"
Other contexts in bindings-07 make it clear that assertions other than SSO
assertions may be passed via artifacts:
550 At least one of the SAML assertions returned to the destination site
MUST be an SSO assertion.
611 * SAML assertions communicated in step 5 MUST include an SSO
Exactly one SAML response MUST be included within the FORM body with the
control name SAMLResponse; multiple SAML assertions MAY be included in the
response. At least one of the assertions MUST be an SSO assertion. A
target description MUST be included with the control name TARGET.