A browser/POST question... - Philpott, Robert - org.oasis-open.lists.security-services

26 messages in org.oasis-open.lists.security-servicesA browser/POST question...

From	Sent On	Attachments
Philpott, Robert	Apr 30, 2003 5:53 pm
Scott Cantor	Apr 30, 2003 8:52 pm
Eve L. Maler	May 1, 2003 7:16 am
Scott Cantor	May 1, 2003 7:23 am
Eve L. Maler	May 1, 2003 7:40 am
Scott Cantor	May 1, 2003 8:01 am
Mishra, Prateek	May 1, 2003 8:21 am
Scott Cantor	May 1, 2003 8:29 am
Philpott, Robert	May 1, 2003 9:34 am
Scott Cantor	May 1, 2003 10:29 am
Eve L. Maler	May 1, 2003 10:32 am
Mishra, Prateek	May 1, 2003 11:38 am
Scott Cantor	May 1, 2003 11:45 am
Mishra, Prateek	May 1, 2003 11:58 am
Philpott, Robert	May 1, 2003 12:07 pm
Scott Cantor	May 1, 2003 12:07 pm
Philpott, Robert	May 1, 2003 12:28 pm
Mishra, Prateek	May 1, 2003 1:04 pm
Eve L. Maler	May 1, 2003 3:37 pm
Jahan Moreh	May 1, 2003 5:50 pm
Jahan Moreh	May 1, 2003 6:51 pm
Philpott, Robert	May 1, 2003 8:41 pm
Eve L. Maler	May 2, 2003 6:50 am
Eve L. Maler	May 2, 2003 6:50 am
Eve L. Maler	May 2, 2003 7:39 am
Jahan Moreh	May 2, 2003 9:01 am

Subject:	A browser/POST question...
From:	Philpott, Robert (rphi...@rsasecurity.com)
Date:	Apr 30, 2003 5:53:02 pm
List:	org.oasis-open.lists.security-services

In the browser/artifact profile, we now say that ConfirmationData SHOULD NOT be supplied. But in Browser/POST, we say nothing about ConfirmationData. I looked back through the mail archive, but couldn't find a conclusive statement. For consistency and completeness of the B&P spec, I think we should provide a normative statement about it. I've assumed MUST NOT applies, but then I haven't thought about it a lot. So is ConfirmationData a "MUST NOT", "SHOULD NOT", "MAY", or something else?

Thanks!

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets