shibboleth-dev - Re: comments: draft-scavo-shib-techoverview-01.doc
Subject: Shibboleth Developers
- From: Tom Scavo <>
- To: Nathan Dors <>
- Cc:
- Subject: Re: comments: draft-scavo-shib-techoverview-01.doc
- Date: Tue, 18 Jan 2005 15:26:26 -0500
On Fri, 14 Jan 2005 14:06:52 -0800 (PST), Nathan Dors wrote:
>
> FWIW, here are some notes I took during my initial read through
> this overview.
Thanks Nathan, your comments are appreciated. I've incorporated all
your suggestions into the next version except the few listed below.
> [line 135] "SSO exchange" ... is that a common phrase from SAML? it's used
> just once in this document, so i wonder if there isn't a more common way
> of expressing the same thing; on the other hand, it's analogous to
> "attribute exchange", which is used several times (e.g., lines 681-682).
Hmm, I'm not sure. I'll leave this as is for now and let others comment.
> [line 285] "the previous authentication statement" ... which statement is
> that? it takes a bit of effort to follow this section's references (on
> lines 210, 217, 250) to preceding and previous examples. i don't know what
> to suggest other than labeling all of the examples for easier reference.
This is tough to do but probably worthwhile. I'll think about it.
> [line 360] does the parenthetic statement here serve a purpose?
Yes, I think so. By making the code more readable, I invalidate the
signature. Is there any other way to say this?
> [line 549] figure 4, step (5) should be labelled POST to match step 5,
> line 568.
Good eye! Actually, this can be GET or POST depending on the WAYF
implementation. For example, the InQueue WAYF uses GET although I
don't believe this is generally true. Does anybody know why InQueue
uses GET?
> [line 763] this note might be better placed within the profile's steps,
> for example at the end of step 6 where the AA is being accessed. also, i
> notice the format of this note ("note:" with a colon) is different from
> most of the other notes within the document (lines 110, 115, 214, 252,
> 283, 927, 1047) which omit the colon and use a full sentence instead.
> (well, looking at it again, lines 110 and 115 also use a colon.)
Since every other flow ends with the last step of the flow, I simply
deleted the note. I don't think this is too much of a loss since
security considerations are addressed in the protocol spec.
Let me know if you have other thoughts.
Thanks again,
Tom