[OGSA-AUTHZ] SAML AuthZ Service Document Comments

Von Welch vwelch at ncsa.uiuc.edu
Mon Mar 14 08:27:53 CST 2005


Takuya,

 Thank you for the comments. Yes, the document is still working its
way through the process and there will be time to address them.

Von

Takuya Mori writes (21:35 March 13, 2005):
 > Hi All,
 > 
 > Please find my comments on the SAML AuthZ Service Document
 > below:
 > 
 > 1. 5.1 Element <ExtendedAuthorizationDecisionQuery>
 >   Request Signed Element
 >   - How should the client behave if it gets an unsigned response although
 >     it has requested a signed one?
 >   - Does a client have a free choice for the behavior?
 >     i.e. A client may ignore the response if it isn't signed even if
 >         it has requested a signed response.
 > 
 > 2. 6.1.1 NameIdentifier Element
 >  - Is the NameQualifier element open for use by applications?
 >    IMO, it is good to make it open for application usage.
 > 
 > 3. 6.1.2 SubjectConfirmation Element 
 >  - Should the confirmationMethod still be set to
 >    http://www.gridforum.org/ogsa-authz/saml/2004/01/am/gsi
 >    even if the subject confirmation method contains an X509 Id cert?
 >  - How should a responder (authz svc) behave if the data of a subject
 >    is supplied in the SubjectConfirmation Element?  Is it required
 >    to validate the data?
 > 
 > 4. 6.1.4 Action Elements
 >  - I think it would be better to define the string representation
 >    more specifically.  The QName of the operation would be better.
 > 
 > Hope it isn't late,
 > Takuya Mori
 > 
 > ----
 >     Takuya Mori




