Re: [abfab] Review of draft-ietf-abfab-aaa-saml-11

"Cantor, Scott" <cantor.2@osu.edu> Fri, 16 October 2015 13:17 UTC

From: "Cantor, Scott" <cantor.2@osu.edu>
To: Alejandro Pérez Méndez <alex@um.es>, "abfab@ietf.org" <abfab@ietf.org>
Date: Fri, 16 Oct 2015 13:16:59 +0000
Message-ID: <9846A6064BD102419D06814DD0D78DE1127144C9@CIO-TNC-D2MBX02.osuad.osu.edu>
References: <9846A6064BD102419D06814DD0D78DE112712074@CIO-TNC-D2MBX02.osuad.osu.edu> <5620C974.30400@um.es>
In-Reply-To: <5620C974.30400@um.es>
Archived-At: <http://mailarchive.ietf.org/arch/msg/abfab/o07r6DR_2PXpuRhPCEziQBJOxSU>
Subject: Re: [abfab] Review of draft-ietf-abfab-aaa-saml-11
List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" <abfab.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/abfab/>

> Does it read better?

I think Sam's suggestion works, and now I understand what you were trying to say, thanks.

> It'd be great if you could do that, thanks!

I can take an edit pass within the next few days to get the XML fixed. Can you pass me a copy of the WD XML source? Or, if you want to finish up your edits and then pass it along, that's fine.

> Section 10 indicates XML signatures and encryption are optional, so I'd
> say they are not ruled out entirely.

In that case I'd use wording that says "<saml:Assertion> or <saml:EncryptedAssertion>". Or just use "assertion" in lower case.

> Would the following be clearer?
> 
>     The ABFAB Authentication Profile is a profile of the SAML V2.0
>     Authentication Request Protocol [OASIS.saml-core-2.0-os].  Where both
>     specifications conflict, the ABFAB Authentication Profile takes
> precedence.

That's fine.

-- Scott