Hello Ian,

Sorry I could not comment on the previous draft due to holidays. I have two questions and some minor editorial comments:

1) If a client pulls a message using a pull request secured using SAML, and the message requires a receipt, in AS4 the receipt is to be signed. In this case I assume the receipt (which the client will post to the MSH) will be signed using the same SAML token. It might be the same token as used for the pull request, but that token is short-lived, so the MSH may also need to request a new token.

2) When using reliable messaging (retries), the MSH should keep the short duration of the SAML token in mind. Normally the MSH can store a copy of the fully processed SOAP message (including WS-Security headers), but with such short-lived tokens it may need to re-sign the message. This will complicate implementations.

Other than this I have mostly minor comments:

Front page says "working draft 01" dated 05 July, but according to Appendix C this is version 1.03 of 28 August.
Front page, Abstract, "how an ebMS3/AS4 can" --> "how an ebMS3/AS4 MSH can".
Section 1.3, redundant empty line before [XMLDSIG].
Section 2, "two facets of SAML, SAML Assertions which" --> "two facets of SAML: SAML Assertions, which".
Section 3.6, "may require a BusinessId": redundant space after "require".
Section 3.6, "both attribute are present" --> "both attributes are present".
Page 13, "The SecurityTokenReference in the", apply the "Element" character style.
Section 4, "Implementation of this specification" --> "Implementations of this specification".
Section 4.1, "ie. SAML 2.0" --> "i.e. SAML 2.0".
Section 4.1, "public key mush be provided" --> "public key must be provided".
Page 14, footnote 2, "is either secure using X.509" --> "is either secured using X.509".
Section 4.2, "eg SAML" --> "e.g. SAML".
Section 6, "The following PModes are per MPC and authorize access to that MPC" --> "The following Pmode parameters are used in message pulling to authorize access to that MPC".
Section 6, "a list of SAML attributes message for a particular MPC MAY be autorised on" --> "a list of SAML attributes that messages for a particular MPC MAY be autorised on" ?
Section 7, "[EBMS3-AS4] as" --> "[EBMS3-AS4], as".
Section B.3.3.6.3.3, "the Sender will contact an Identity Provider inside their own business for a SAML token" --> "the Sender will contact an Identity Provider inside its own business for a SAML token".

Pim
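An added illustration of the retry concern raised in point 2 (example code, not from this thread or the SAML/AS4 draft): before an MSH resends a stored, signed SOAP message, it checks whether the SAML assertion's validity window still covers the retry time and otherwise plans to obtain a new token and re-sign. The sample assertion, the 30-second headroom and the retry schedule are constructed assumptions.

```python
# Added illustration: decide, per scheduled retry, whether the stored signed
# message can be resent as-is or must be re-signed with a fresh SAML token
# because the assertion's NotOnOrAfter would have passed.
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample assertion (not from the draft): a five-minute validity window.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1">
  <saml:Conditions NotBefore="2013-08-28T08:00:00Z" NotOnOrAfter="2013-08-28T08:05:00Z"/>
</saml:Assertion>"""

def _parse_ts(value):
    # SAML timestamps are UTC; accept both the 'Z' suffix and explicit offsets.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def token_validity(assertion_xml):
    """Return (NotBefore, NotOnOrAfter) from the assertion's Conditions element."""
    root = ET.fromstring(assertion_xml)
    cond = root.find(f"{{{SAML_NS}}}Conditions")
    if cond is None or cond.get("NotOnOrAfter") is None:
        raise ValueError("assertion has no usable Conditions element")
    # NotBefore is optional in SAML; treat a missing one as 'already valid'.
    return (_parse_ts(cond.get("NotBefore", "1970-01-01T00:00:00Z")),
            _parse_ts(cond.get("NotOnOrAfter")))

def token_covers(assertion_xml, when, skew=timedelta(seconds=30)):
    """True if the token is still usable at `when`, keeping `skew` headroom so the
    message does not reach the receiver after NotOnOrAfter."""
    not_before, not_on_or_after = token_validity(assertion_xml)
    return not_before <= when < (not_on_or_after - skew)

def plan_retries(assertion_xml, first_send, attempts, interval):
    """For each attempt return (timestamp, 'resend' | 'resign')."""
    plan = []
    for i in range(attempts):
        t = first_send + i * interval
        plan.append((t.isoformat(), "resend" if token_covers(assertion_xml, t) else "resign"))
    return plan

def sample_plan():
    # Constructed schedule: four attempts, two minutes apart, from 08:00 UTC.
    start = datetime(2013, 8, 28, 8, 0, tzinfo=timezone.utc)
    return plan_retries(SAMPLE_ASSERTION, start, 4, timedelta(minutes=2))

if __name__ == "__main__":
    for when, action in sample_plan():
        print(when, action)
```

With the constructed window the first three attempts can reuse the stored message and the fourth (08:06) falls past the token's expiry, so it must be re-signed.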
-----Original Message-----
From: ebxml-msg@lists.oasis-open.org [mailto:ebxml-msg@lists.oasis-open.org] On Behalf Of Mr. Ian Otto
Sent: 28 August 2013 08:18
To: ebxml-msg@lists.oasis-open.org
Subject: [ebxml-msg] New version of SAML document uploaded

I have re-done the example using Dale's version and added extra explanation and highlighting therein. There are no other changes.