OASIS Mailing List Archives

security-services message



Subject: Technical Overview comments


Technical Overview comments on
http://www.oasis-open.org/committees/download.php/25411/sstc-saml-tech-overview-2.0-draft-14.pdf

This is a very well written document. I have a few editorial comments  
and suggestions:

1) Should date be updated to 2008? If so title page update, copyright  
update to "2007-2008" on footers

2) Notices, line 68, remove bracketed text?
"The names "OASIS", [insert specific trademarked names,  
abbreviations, etc. here] "

3) Line 186 add reference to XML Signature
http://www.w3.org/TR/xmldsig-core/

4) Line 382, missing reference?
"This use case, shown in ,  demonstrates "

5) line 464, reference missing
"( and , respectively)."

6) line 470, Subject confirmation

This could be a little clearer, especially for sender vouches.

8) line 502 "usually contains a subject of the assertion"

A sentence explaining what it means not to have an assertion subject  
might be helpful.

9) line 551
Replace "and particularly designed to support WAP gateways." in
"Used in the Enhanced Client and Proxy Profile and particularly  
designed to support WAP gateways."

with
" to enable clients and proxies that know how to find their IDP."

10) line 676
replace "XML signature" with "XML Signature"
add reference to XML Signature here

11) line 693-4
" whether identity information is allowed to transit  through the  
browser"
add "(if not the artifact binding may be required)"

12) line 792
"Figureillustrates" needs space and reference number, e.g. "Figure
13 illustrates"

13) Line 813
"The RelayState mechanism can leak details of the user's activities  
at the SP to the IdP
so care should be taken in its implementation"

Reference to additional guidance?

14) It seems reasonable to keep the ECP section. By this point the  
reader has been looking at details of other profiles
and this is only a few pages more.

15) line 976, make "Federation Termination" bold

16) line 1000, should "transient" be replaced with "persistent"?

17) Line 1023, replace "previous example" with "previous federation  
example using persistent pseudonym identifiers"

18) line 1063 figure 23, "information" missing "n" in figure

19) line 1068-1070
Remove the following (historical) text?
"The work to define XACML was started slightly after SAML began. From  
the beginning they were viewed as related efforts
and consideration was given to specifying both within the same  
Technical Committee. Ultimately, it was decided to allow them to  
proceed independently but to align them."

20) line 1069, figure 24 "n" missing in "evaluation"


regards, Frederick

Frederick Hirsch
Nokia




