[OGSA-AUTHZ] New version of SAML authorization profile
Von Welch
vwelch at ncsa.uiuc.edu
Wed Jun 8 15:09:17 CDT 2005
I've uploaded a new version of the SAML authorization profile (dated
today, June 8th, urls below). This version has a number of corrections
in that the previous version of the document had contradictions
between sections or underspecification in places. I've confirmed with
both the major implementors (Globus and PERMIS) that they both have
the same interpretations of the ambiguities and captured those in the
new document. A complete list of changes is appended.
Given the scope of changes, I propose that the group be given until
the upcoming GGF to comment. Barring substantial comments at that
point I propose the document has passed last call and should be
advanced.
Von
Word version (with change tracking):
https://forge.gridforum.org/docman2/ViewProperties.php?group_id=119&category_id=450&document_content_id=3917
PDF version:
https://forge.gridforum.org/docman2/ViewProperties.php?group_id=119&category_id=450&document_content_id=3918
Changes from January 2005 to current version:
* "should" to "SHOULD" in 6.1.2
* Removed editor's comment in 6.1.2
* Updated WSS-X509 reference.
* In Appendix B: Added step about properly URI encoding hash per
RFC 1630.
* Updated acknowledgements.
* Numerous minor editorial corrections from Tom Scavo.
* Table 1: Corrected namespace prefixes to be lowercase.
* Clarified second sentence of the second paragraph of 6.1.4.2.
* Section 6.1.5: Changed to reflect renaming
of SubjectAttributeReferenceAdvice element.
* Table 1: Corrected ogsa-saml namespace to match with what is
in 7.3.
* Section 7.3: Removed unused xmlns:soap namespace.
* Section 7.3: Corrected xmlns:samlp namespace to match what is
in Table 1.
* Section 11: Removed reference to "ADF" since it was undefined
in this document.
* Section 10: Updated David Chadwick's contact information.
* Section 5.1: Added text clarifying what client should do if
they receive an unsigned response when a signed response was
requested.
* Section 6.1.2: Clarified ConfirmationMethod between
when authentication was done with proxy certificates and end entity
certs.
* Section 6.1.4.1: Added note about moving to qualified name in
future version of the document.