Re: [abfab] Review of draft-ietf-abfab-aaa-saml-11

Alejandro Pérez Méndez <alex@um.es> Fri, 16 October 2015 14:28 UTC


On 16/10/15 at 15:16, Cantor, Scott wrote:
>> Does it read better?
> I think Sam's suggestion works, and now I understand what you were trying to say, thanks.

I agree.

>
>> It'd be great if you could do that, thanks!
> I can take an edit pass within the next few days to get the XML fixed, can you pass me a copy of the WD XML source? Or if you want to finish up your edits and then pass it along, that's fine.

Whichever works better for you. It might be better if you do the XML
fixes before, so I can adapt the text afterwards. Let me send you the
XML file in a private mail.

>
>> Section 10 indicates XML signatures and encryption are optional, so I'd
>> say they are not ruled out entirely.
> In that case I'd use wording that says "<saml:Assertion> or <saml:EncryptedAssertion>". Or just use "assertion" in lower case.

I think using assertion might be better, since this might happen in 
other places along the document.

>
>> Would the following be clearer?
>>
>>      The ABFAB Authentication Profile is a profile of the SAML V2.0
>>      Authentication Request Protocol [OASIS.saml-core-2.0-os].  Where both
>>      specifications conflict, the ABFAB Authentication Profile takes
>>      precedence.
> That's fine.

Regards,
Alejandro

> -- Scott
>