[OGSA-AUTHZ] New version of SAML authorization profile
David Chadwick
d.w.chadwick at kent.ac.uk
Wed Jun 8 16:50:11 CDT 2005
Thanks Von
I have reviewed your changes and I am happy with them
David
Von Welch wrote:
> I've uploaded a new version of the SAML authorization profile (dated
> today, June 8th, urls below). This version has a number of corrections
> in that the previous version of the document had contradictions
> between sections or underspecification in places. I've confirmed with
> both the major implementors (Globus and PERMIS) that they both have
> the same interpretations of the ambiguities and captured those in the
> new document. A complete list of changes is appended.
>
> Given the scope of changes, I propose that the group be given until
> the upcoming GGF to comment. Barring substantial comments at that
> point I propose the document has passed last call and should be
> advanced.
>
> Von
>
> Word version (with change tracking):
> https://forge.gridforum.org/docman2/ViewProperties.php?group_id=119&category_id=450&document_content_id=3917
>
> PDF version:
> https://forge.gridforum.org/docman2/ViewProperties.php?group_id=119&category_id=450&document_content_id=3918
>
>
> Changes from January 2005 to current version:
> * "should" to "SHOULD" in 6.1.2
> * Removed editor's comment in 6.1.2
> * Updated WSS-X509 reference.
> * In Appendix B: Added step about properly URI encoding hash per
> RFC 1630.
> * Updated acknowledgements.
> * Numerous minor editorial corrections from Tom Scavo.
> * Table 1: Corrected namespace prefixes to be lowercase.
> * Clarified second sentence of the second paragraph of 6.1.4.2.
> * Section 6.1.5: Changed to reflect renaming
> of SubjectAttributeReferenceAdvice element.
> * Table 1: Corrected ogsa-saml namespace to match with what is
> in 7.3.
> * Section 7.3: Removed unused xmlns:soap namespace.
> * Section 7.3: Corrected xmlns:samlp namespace to match what is
> in Table 1.
> * Section 11: Removed reference to "ADF" since it was undefined
> in this document.
> * Section 10: Updated David Chadwick's contact information.
> * Section 5.1: Added text clarifying what client should do if
> they receive an unsigned response when a signed response was
> requested.
> * Section 6.1.2: Clarified between ConfirmationMethod between
> when authentication was done with proxy certificates and end entity
> certs.
> * Section 6.1.4.1: Added note about moving to qualified name in
> future version of the document.
>
>
--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://sec.cs.kent.ac.uk
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************