Auth. Framework - Missing subject ID or subject organization

Please contribute your comments via the discussion tab above. Outcomes and resolution will be added at the bottom of this page.

=Auth framework: impact of missing subject id or subject organization?=

JoeLamy:

In auth framework testing (analysis of messages), we are seeing some SAML headers with missing or incorrect subject id or subject organization attributes. As described in the Authorization Framework spec, these attributes are required by HIPAA Privacy Disclosure Accounting.

What is the impact here? Is this truly a critical issue, meaning no temporary waivers should be recommended?

Tentative severity level: 1-critical. Assuming that 1) this is a legal necessity for auditing messages after the fact, and 2) no workaround is available that can guarantee being able to reconstruct the audit trail.


**Additional Research and Discussion**


**CLOSED**


**This issue is a dup of issue #42 in the issue tracker Google Docs spreadsheet.**