[OGSA-AUTHZ] New version of SAML authorization profile

David Chadwick d.w.chadwick at kent.ac.uk
Wed Jun 8 16:50:11 CDT 2005


Thanks Von

I have reviewed your changes and I am happy with them

David


Von Welch wrote:
> I've uploaded a new version of the SAML authorization profile (dated
> today, June 8th, urls below). This version has a number of corrections
> in that the previous version of the document had contradictions
> between sections or underspecification in places. I've confirmed with
> both the major implementors (Globus and PERMIS) that they both have
> the same interpretations of the ambiguities and captured those in the
> new document. A complete list of changes is appended.
> 
> Given the scope of changes, I propose that the group be given until
> the upcoming GGF to comment. Barring substantial comments at that
> point I propose the document has passed last call and should be
> advanced.
> 
> Von
> 
> Word version (with change tracking):
> https://forge.gridforum.org/docman2/ViewProperties.php?group_id=119&category_id=450&document_content_id=3917
> 
> PDF version:
> https://forge.gridforum.org/docman2/ViewProperties.php?group_id=119&category_id=450&document_content_id=3918
> 
> 
> Changes from January 2005 to current version:
> *	"should" to "SHOULD" in 6.1.2
> *	Removed editor's comment in 6.1.2
> *	Updated WSS-X509 reference.
> *	In Appendix B: Added step about properly URI encoding hash per
> 	RFC 1630.
> *	Updated acknowledgements.
> *	Numerous minor editorial corrections from Tom Scavo.
> *	Table 1: Corrected namespace prefixes to be lowercase.
> *	Clarified second sentence of the second paragraph of 6.1.4.2.
> *	Section 6.1.5: Changed to reflect renaming
> 	of SubjectAttributeReferenceAdvice element.
> *	Table 1: Corrected ogsa-saml namespace to match with what is
> 	in 7.3.
> *	Section 7.3: Removed unused xmlns:soap namespace.
> *	Section 7.3: Corrected xmlns:samlp namespace to match what is
> 	in Table 1.
> *	Section 11: Removed reference to "ADF" since it was undefined
> 	in this document.
> *	Section 10: Updated David Chadwick's contact information.
> *	Section 5.1: Added text clarifying what client should do if
> 	they receive an unsigned response when a signed response was
> 	requested.
> *	Section 6.1.2: Clarified ConfirmationMethod between
> 	when authentication was done with proxy certificates and end entity
> 	certs.
> *	Section 6.1.4.1: Added note about moving to qualified name in
> 	future version of the document. 
> 
> 

-- 

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://sec.cs.kent.ac.uk
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************




