[OGSA-AUTHZ] SAML AuthZ Service Document Comments
Takuya Mori
moritaku at bx.jp.nec.com
Sun Mar 13 21:35:14 CST 2005
Hi All,
Please find my comments on the SAML AuthZ Service Document
below:
1. 5.1 Element <ExtendedAuthorizationDecisionQuery>
   Request Signed Element
   - How should the client behave if it gets an unsigned response although
     it has requested a signed one?
   - Does a client have a free choice for the behavior?
     i.e. A client may ignore the response if it isn't signed even if
     it has requested a signed response.
2. 6.1.1 NameIdentifier Element
   - Is the NameQualifier element open for use by applications?
     IMO, it is good to make it open for application usage.
3. 6.1.2 SubjectConfirmation Element
   - Should the confirmationMethod still be set to
     http://www.gridforum.org/ogsa-authz/saml/2004/01/am/gsi
     even if the subject confirmation method contains an X509 Id cert?
   - How should a responder (authz svc) behave if the data of a subject
     is supplied in the SubjectConfirmation Element? Is it required
     to validate the data?
4. 6.1.4 Action Elements
   - I think it would be better to define the string representation
     more specifically. The QName of the operation would be better.
Hope it isn't late,
Takuya Mori
----
Takuya Mori