Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F78421F8B95 for ; Fri, 5 Aug 2011 11:42:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.287 X-Spam-Level: X-Spam-Status: No, score=-3.287 tagged_above=-999 required=5 tests=[AWL=-0.689, BAYES_00=-2.599, HTML_MESSAGE=0.001] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UyEAYdw-jyTh for ; Fri, 5 Aug 2011 11:42:34 -0700 (PDT) Received: from rcsinet15.oracle.com (rcsinet15.oracle.com [148.87.113.117]) by ietfa.amsl.com (Postfix) with ESMTP id B3EF521F8B7D for ; Fri, 5 Aug 2011 11:42:34 -0700 (PDT) Received: from rtcsinet21.oracle.com (rtcsinet21.oracle.com [66.248.204.29]) by rcsinet15.oracle.com (Switch-3.4.4/Switch-3.4.4) with ESMTP id p75Igag5008844 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Fri, 5 Aug 2011 18:42:38 GMT Received: from acsmt358.oracle.com (acsmt358.oracle.com [141.146.40.158]) by rtcsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id p75IgZBs022480 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 5 Aug 2011 18:42:36 GMT Received: from abhmt108.oracle.com (abhmt108.oracle.com [141.146.116.60]) by acsmt358.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id p75IgTQE025528 for ; Fri, 5 Aug 2011 13:42:30 -0500 Received: from [192.168.1.8] (/24.85.235.164) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Fri, 05 Aug 2011 11:42:29 -0700 From: Phil Hunt Content-Type: multipart/alternative; boundary=Apple-Mail-41--744900609 Date: Fri, 5 Aug 2011 11:42:28 -0700 References: To: OAuth WG Message-Id: <4DE1850A-F03B-491A-A860-0051838D66B0@oracle.com> Mime-Version: 1.0 (Apple Message framework v1084) X-Mailer: Apple Mail (2.1084) X-Source-IP: rtcsinet21.oracle.com [66.248.204.29] X-CT-RefId: str=0001.0A090208.4E3C399E.00E1,ss=1,re=0.000,fgs=0 Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-saml2-bearer-05.txt X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Aug 2011 18:42:35 -0000 --Apple-Mail-41--744900609 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Cross-posting feedback from Scott Cantor regarding change to subject = confirmation processing. Comments?=20 Phil @independentid www.independentid.com phil.hunt@oracle.com Begin forwarded message: > From: "Cantor, Scott E." > Date: August 4, 2011 9:45:57 AM PDT > To: Phillip Hunt , SAML = > Subject: Re: [security-services] Fwd: [OAUTH-WG] I-D Action: = draft-ietf-oauth-saml2-bearer-05.txt >=20 > On 8/4/11 11:36 AM, "Phillip Hunt" wrote: >>=20 >> Lastly the processing rules on the assertion have been relaxed >> somewhat to allow for element(s) to be >> optional when the element has a NotOnOrAfter attribute. >=20 > Omitting subject confirmation just means the assertion has no security > semantics or that it's "sender vouches". You could do bearer by > implication, but that's sloppy. Assertions should be self-defining > whenever possible, not punt their semantics to implication. >=20 > -- Scott >=20 >=20 > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. Follow this link to all your TCs in OASIS at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php >=20 --Apple-Mail-41--744900609 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii

Phil

@independentid

www.independentid.com

phil.hunt@oracle.com

Begin forwarded message:

From: "Cantor, Scott E." = <cantor.2@osu.edu>
=
Date: August 4, 2011 = 9:45:57 AM PDT
To: Phillip Hunt <phil.hunt@oracle.com>, SAML = <security-services@l= ists.oasis-open.org>
Subject: Re: [security-services] Fwd: [OAUTH-WG] I-D = Action: = draft-ietf-oauth-saml2-bearer-05.txt

On = 8/4/11 11:36 AM, "Phillip Hunt" <phil.hunt@oracle.com> = wrote:

Lastly the processing rules on the assertion have been = relaxed
somewhat to allow for = <SubjectConfirmationData> element(s) to = be
optional when the = <Conditions> element has a NotOnOrAfter = attribute.

Omitting subject confirmation just means = the assertion has no security
semantics or that it's "sender = vouches". You could do bearer by
implication, but that's sloppy. = Assertions should be self-defining
whenever possible, not punt their = semantics to implication.

-- = Scott

---------------------------------------------------------= ------------
To unsubscribe from this mail list, you must leave the = OASIS TC that
generates this mail. Follow this link to all your = TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.p= hp

= --Apple-Mail-41--744900609--