Re: [liberty-dev] 2 items for clarification in protocols and schemas document


To <liberty-dev@emailprotection.org>
From “Vin Aro” <varo@itent.com>
Date Mon, 12 Aug 2002 09:25:24 +0530
References <200208092300.g79N0oBm021204@vernors.eng.sun.com>
Reply-to liberty-dev@emailprotection.org
Sender liberty-dev-owner@emailprotection.org

Hi All
About the second question, I am not very sure what the answer is, but
the answer to the first question, according to my understanding, is that the
sender will only include its own specified NameIdentifier for the principal
to the receiver; that is, during the maintaining of user mapping, each of the
sender and receiver would have decided on a NameIdentifier for a principal at
the IDP and the SP end. This NameIdentifier will be included in the Logout
Request.

Regards
Vineet

----- Original Message -----
From: "Jon Serg" <serg@Sun.COM>
To: <liberty-dev@projectliberty.org>
Sent: Saturday, August 10, 2002 4:30 AM
Subject: [liberty-dev] 2 items for clarification in protocols and schemas
document


> Here are two things in the protocols and schemas document that recently
> came up for us as potential interoperability problems:
>
> (1) In the Single Logout protocol, the specification doesn't seem to
>     explicitly say whether the sender needs to include the entire
>     NameIdentifier that was sent in the Assertion (or possibly
>     RegisterNameIdentifierRequest), or just the mandatory value.  The
>     qualifier and format are optional.
>
>     It seems to me that the sender should send back everything that was
>     in the original name identifier from the assertion.  So, for
>     example, if the IDP fills in all three fields in the name
>     identifier in the assertion, the SP should send all three back at
>     logout time, but if the IDP only fills in two of them, the SP
>     should only send back those two and omit the third.  But it's
>     possible that others who don't intend to use the optional fields
>     might skip parsing and storing them entirely...
>
>
> (2) The schema defines a lib:Assertion element that is not used anywhere.
>     This is potentially misleading; it is possible that some may assume
>     that the authentication statement should contain
>         <lib:Assertion ...>...</lib:Assertion>
>     instead of
>         <saml:Assertion xsi:type="lib:AssertionType" ...>...</saml:Assertion>
>     leading to interoperability problems.  (My understanding is that only
>     the second is legal inside the AuthenticationStatement.)
>
> Has anyone else run into these problems?  How have others handled these
> sections?
>
>
> --
> Jon Serg
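
The interoperability risk in item (1) shows up on the receiving side of a logout request, when the incoming NameIdentifier is compared with the one stored from the assertion. The sketch below is an added example, not code from the thread or from the Liberty specification; the XML fragments, the `urn:example:` format URI, and both matching policies are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from typing import NamedTuple, Optional

SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.0 assertion namespace
TAG = f"{{{SAML_NS}}}NameIdentifier"

class NameId(NamedTuple):
    value: str                 # mandatory element content
    qualifier: Optional[str]   # optional NameQualifier attribute
    fmt: Optional[str]         # optional Format attribute

def parse_name_id(xml_text: str) -> NameId:
    """Return the first saml:NameIdentifier found in an XML fragment."""
    root = ET.fromstring(xml_text)
    el = root if root.tag == TAG else root.find(f".//{TAG}")
    if el is None or not (el.text or "").strip():
        raise ValueError("no NameIdentifier value present")
    return NameId(el.text.strip(), el.get("NameQualifier"), el.get("Format"))

def matches(stored: NameId, received: NameId, strict: bool) -> bool:
    """strict: every field must be echoed exactly as stored.
    lenient (assumed policy): the value must match; an optional field the
    sender omitted is ignored, but one sent with a different value fails."""
    if stored.value != received.value:
        return False
    if strict:
        return stored == received
    pairs = ((stored.qualifier, received.qualifier), (stored.fmt, received.fmt))
    return all(got is None or got == kept for kept, got in pairs)

# Constructed sample fragments (not taken from any real deployment).
_NS = f'xmlns:saml="{SAML_NS}"'
ASSERTION_NAMEID = (f'<saml:NameIdentifier {_NS} NameQualifier="idp.example.com" '
                    'Format="urn:example:format:opaque">a1b2c3</saml:NameIdentifier>')
LOGOUT_VALUE_ONLY = f'<saml:NameIdentifier {_NS}>a1b2c3</saml:NameIdentifier>'
LOGOUT_OTHER_QUALIFIER = (f'<saml:NameIdentifier {_NS} NameQualifier="other.example.com">'
                          'a1b2c3</saml:NameIdentifier>')

if __name__ == "__main__":
    stored = parse_name_id(ASSERTION_NAMEID)
    for label, xml in (("full echo", ASSERTION_NAMEID),
                       ("value only", LOGOUT_VALUE_ONLY),
                       ("other qualifier", LOGOUT_OTHER_QUALIFIER)):
        got = parse_name_id(xml)
        print(label, "strict:", matches(stored, got, True),
              "lenient:", matches(stored, got, False))
```

A sender that transmits only the value interoperates with the lenient receiver and fails against the strict one, which is the mismatch the first question is about.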
