Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-saml2-bearer-05.txt

Phil Hunt <phil.hunt@oracle.com> Fri, 05 August 2011 18:42 UTC

From: Phil Hunt <phil.hunt@oracle.com>
Date: Fri, 05 Aug 2011 11:42:28 -0700
References: <CA604478.EC05%cantor.2@osu.edu>
To: OAuth WG <oauth@ietf.org>
Message-Id: <4DE1850A-F03B-491A-A860-0051838D66B0@oracle.com>
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-saml2-bearer-05.txt

Cross-posting feedback from Scott Cantor regarding change to subject confirmation processing.

Comments? 

Phil

@independentid
www.independentid.com
phil.hunt@oracle.com
Begin forwarded message:

> From: "Cantor, Scott E." <cantor.2@osu.edu>
> Date: August 4, 2011 9:45:57 AM PDT
> To: Phillip Hunt <phil.hunt@oracle.com>, SAML <security-services@lists.oasis-open.org>
> Subject: Re: [security-services] Fwd: [OAUTH-WG] I-D Action: draft-ietf-oauth-saml2-bearer-05.txt
> 
> On 8/4/11 11:36 AM, "Phillip Hunt" <phil.hunt@oracle.com> wrote:
>> 
>> Lastly the processing rules on the assertion have been relaxed
>> somewhat to allow for <SubjectConfirmationData> element(s) to be
>> optional when the <Conditions> element has a NotOnOrAfter attribute.
> 
> Omitting subject confirmation just means the assertion has no security
> semantics or that it's "sender vouches". You could do bearer by
> implication, but that's sloppy. Assertions should be self-defining
> whenever possible, not punt their semantics to implication.
> 
> -- Scott
> 
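The processing rule under discussion, worked through as an added example (this is not code from the draft, the OAuth WG, or either poster). It validates the subject-confirmation and lifetime parts of a SAML 2.0 assertion presented as a bearer assertion: the bearer confirmation Method must be stated explicitly, which is Scott's point, rather than inferred from the absence of <SubjectConfirmation>; a missing <SubjectConfirmationData> is tolerated only when <Conditions> carries NotOnOrAfter and an AudienceRestriction, which is the relaxation Phil describes. The sample assertions, the token-endpoint URL, the issuer and the fixed clock are constructed for the example; XML signature verification, which an authorization server must do before any of these checks, is out of scope here.

```python
"""Subject-confirmation checks for a SAML 2.0 assertion used as an OAuth bearer
assertion.  Added illustration for this thread; not the draft's or any IdP's code.
Signature verification is assumed to have happened before this runs (and a
production parser should be hardened, e.g. defusedxml, not plain ElementTree)."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
SENDER_VOUCHES = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"

# Constructed values for the example; not real endpoints or a real clock.
TOKEN_ENDPOINT = "https://as.example.com/token"
NOW = datetime(2011, 8, 5, 18, 45, tzinfo=timezone.utc)


def _ts(value):
    """Parse the UTC 'Z' timestamps SAML uses."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_bearer_assertion(xml_text, recipient, audience, now):
    """Return a list of rejection reasons; an empty list means the assertion passed."""
    errors = []
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML_NS}}}Assertion":
        return ["root element is not a saml:Assertion"]

    subject = root.find("saml:Subject", NS)
    if subject is None:
        return ["no saml:Subject"]
    confirmations = subject.findall("saml:SubjectConfirmation", NS)
    bearer = [c for c in confirmations if c.get("Method") == BEARER]
    if not confirmations:
        # The semantics must be stated, not implied: "no confirmation" is not bearer.
        errors.append("no SubjectConfirmation element; refusing to infer bearer")
    elif not bearer:
        methods = [c.get("Method") for c in confirmations]
        errors.append(f"no SubjectConfirmation with Method={BEARER}; found {methods}")

    scd_expiry = None
    for conf in bearer:
        data = conf.find("saml:SubjectConfirmationData", NS)
        if data is None:
            continue  # tolerated: Conditions must then carry the expiry
        if data.get("Recipient") != recipient:
            errors.append(f"Recipient {data.get('Recipient')!r} != {recipient!r}")
        if data.get("NotOnOrAfter"):
            scd_expiry = _ts(data.get("NotOnOrAfter"))
            if now >= scd_expiry:
                errors.append("SubjectConfirmationData NotOnOrAfter has passed")

    conditions = root.find("saml:Conditions", NS)
    cond_expiry = None
    if conditions is None:
        errors.append("no saml:Conditions")
    else:
        if conditions.get("NotBefore") and now < _ts(conditions.get("NotBefore")):
            errors.append("Conditions NotBefore is in the future")
        if conditions.get("NotOnOrAfter"):
            cond_expiry = _ts(conditions.get("NotOnOrAfter"))
            if now >= cond_expiry:
                errors.append("Conditions NotOnOrAfter has passed")
        audiences = [a.text for a in conditions.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if audience not in audiences:
            errors.append(f"audience {audience!r} not in {audiences}")

    if scd_expiry is None and cond_expiry is None:
        errors.append("no expiry: neither Conditions nor SubjectConfirmationData has NotOnOrAfter")
    return errors


def sample_assertion(method=BEARER, with_data=True):
    """Constructed, unsigned assertion for the example (no real issuer or subject)."""
    data = (f'<saml:SubjectConfirmationData NotOnOrAfter="2011-08-05T19:00:00Z" '
            f'Recipient="{TOKEN_ENDPOINT}"/>') if with_data else ""
    conf = f'<saml:SubjectConfirmation Method="{method}">{data}</saml:SubjectConfirmation>' if method else ""
    return (f'<saml:Assertion xmlns:saml="{SAML_NS}" ID="_example1" Version="2.0" '
            'IssueInstant="2011-08-05T18:40:00Z">'
            '<saml:Issuer>https://idp.example.org</saml:Issuer>'
            f'<saml:Subject><saml:NameID>alice@example.org</saml:NameID>{conf}</saml:Subject>'
            '<saml:Conditions NotBefore="2011-08-05T18:40:00Z" NotOnOrAfter="2011-08-05T19:00:00Z">'
            f'<saml:AudienceRestriction><saml:Audience>{TOKEN_ENDPOINT}</saml:Audience>'
            '</saml:AudienceRestriction></saml:Conditions></saml:Assertion>')


if __name__ == "__main__":
    cases = [("explicit bearer", sample_assertion()),
             ("bearer, no SubjectConfirmationData", sample_assertion(with_data=False)),
             ("no SubjectConfirmation", sample_assertion(method=None)),
             ("sender-vouches", sample_assertion(method=SENDER_VOUCHES))]
    for label, xml in cases:
        print(label, "->", validate_bearer_assertion(xml, TOKEN_ENDPOINT, TOKEN_ENDPOINT, NOW) or "OK")
```

The design choice is the one Scott argues for: an assertion with no <SubjectConfirmation> at all, or only a sender-vouches one, is rejected even though its <Conditions> is valid and unexpired, because nothing in the assertion itself says it may be used as a bearer token. Note that when <SubjectConfirmationData> is absent there is no Recipient to check, so the AudienceRestriction is the only binding of the assertion to this token endpoint.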