atom feed26 messages in org.oasis-open.lists.security-servicesRE: [security-services] A browser/POS...
FromSent OnAttachments
Philpott, RobertApr 30, 2003 5:53 pm 
Scott CantorApr 30, 2003 8:52 pm 
Eve L. MalerMay 1, 2003 7:16 am 
Scott CantorMay 1, 2003 7:23 am 
Eve L. MalerMay 1, 2003 7:40 am 
Scott CantorMay 1, 2003 8:01 am 
Mishra, PrateekMay 1, 2003 8:21 am 
Scott CantorMay 1, 2003 8:29 am 
Philpott, RobertMay 1, 2003 9:34 am 
Scott CantorMay 1, 2003 10:29 am 
Eve L. MalerMay 1, 2003 10:32 am 
Mishra, PrateekMay 1, 2003 11:38 am 
Scott CantorMay 1, 2003 11:45 am 
Mishra, PrateekMay 1, 2003 11:58 am 
Philpott, RobertMay 1, 2003 12:07 pm 
Scott CantorMay 1, 2003 12:07 pm 
Philpott, RobertMay 1, 2003 12:28 pm 
Mishra, PrateekMay 1, 2003 1:04 pm 
Eve L. MalerMay 1, 2003 3:37 pm 
Jahan MorehMay 1, 2003 5:50 pm 
Jahan MorehMay 1, 2003 6:51 pm 
Philpott, RobertMay 1, 2003 8:41 pm 
Eve L. MalerMay 2, 2003 6:50 am 
Eve L. MalerMay 2, 2003 6:50 am 
Eve L. MalerMay 2, 2003 7:39 am 
Jahan MorehMay 2, 2003 9:01 am 
Subject:RE: [security-services] A browser/POST question...
From:Scott Cantor (cant@osu.edu)
Date:May 1, 2003 8:01:25 am
List:org.oasis-open.lists.security-services

The section is 4.1.2.5, line 743 of the 1.0 B&P document.

Current text reads:

"The <saml:ConfirmationMethod> element of each assertion MUST be set to urn:oasis:names:tc:SAML:1.0:cm:bearer."

That text is actually a little muddled. I suggest a clarifying edit to read:

Each statement subject included in the response MUST include a <saml:ConfirmationMethod> element of urn:oasis:names:tc:SAML:1.0:cm:bearer."

Then we can add:

"<saml:SubjectConfirmationData> SHOULD NOT be included."

-- Scott