[OGSA-AUTHZ] New version of SAML authorization profile

Von Welch vwelch at ncsa.uiuc.edu
Wed Jun 8 15:09:17 CDT 2005


I've uploaded a new version of the SAML authorization profile (dated
today, June 8th, urls below). This version has a number of corrections
in that the previous version of the document had contradictions
between sections or underspecification in places. I've confirmed with
both the major implementors (Globus and PERMIS) that they both have
the same interpretations of the ambiguities and captured those in the
new document. A complete list of changes is appended.

Given the scope of changes, I propose that the group be given until
the upcoming GGF to comment. Barring substantial comments at that
point I propose the document has passed last call and should be
advanced.

Von

Word version (with change tracking):
https://forge.gridforum.org/docman2/ViewProperties.php?group_id=119&category_id=450&document_content_id=3917

PDF version:
https://forge.gridforum.org/docman2/ViewProperties.php?group_id=119&category_id=450&document_content_id=3918


Changes from January 2005 to current version:
*	"should" to "SHOULD" in 6.1.2
*	Removed editor's comment in 6.1.2
*	Updated WSS-X509 reference.
*	In Appendix B: Added step about properly URI encoding hash per
	RFC 1630.
*	Updated acknowledgements.
*	Numerous minor editorial corrections from Tom Scavo.
*	Table 1: Corrected namespace prefixes to be lowercase.
*	Clarified second sentence of the second paragraph of 6.1.4.2.
*	Section 6.1.5: Changed to reflect renaming
	of SubjectAttributeReferenceAdvice element.
*	Table 1: Corrected ogsa-saml namespace to match with what is
	in 7.3.
*	Section 7.3: Removed unused xmlns:soap namespace.
*	Section 7.3: Corrected xmlns:samlp namespace to match what is
	in Table 1.
*	Section 11: Removed reference to "ADF" since it was undefined
	in this document.
*	Section 10: Updated David Chadwick's contact information.
*	Section 5.1: Added text clarifying what client should do if
	they receive an unsigned response when a signed response was
	requested.
*	Section 6.1.2: Clarified between ConfirmationMethod between
	when authentication was done with proxy certificates and end entity
	certs.
*	Section 6.1.4.1: Added note about moving to qualified name in
	future version of the document. 




