Auth.+Framework-+Empty+SubjectLocality

Please contribute your comments via the discussion tab above. Outcomes and resolution will be added at the bottom of this page.

=Auth framework: impact of empty SubjectLocality?=

0 row selected - rows selected - [|clear] || Issue: In the SAML header of some requests, the SubjectLocality element, an optional element, is present but empty.
 * ~ 1 - 1 of 1
 * [[image:http://www.wikispaces.com/i/user_none_lg.jpg width="48" height="48" caption="JoeLamy" link="http://www.wikispaces.com/user/view/JoeLamy"]] || [|JoeLamy]

Example:   ...

Impact: interoperability risk. The risk to organizations sending this content is that other systems may reject the header as invalid or incomplete and deny access.

Workaround: work with partners to ensure that they accept this form and treat it equivalently to an omitted SubjectLocality.

Tentative severity level: 2-High

Is the above impact analysis correct? [|[delete]] ||