

Subject: Re: [regrep] [RS Issue] Internal Vs. External Users


Farrukh Najmi wrote:

>
> We have had Users, Organizations, Roles and Groups for several 
> releases. I agree that over time we need to remove these and align 
> with SAML and other security standards to define their replacement.
>
> I feel strongly however that we should not do this in version 3 since 
> these would be major changes which I believe are too late to do at 
> this stage in version 3. I propose we defer any changes in this area 
> to version 4.


We could start phasing it out now though.  I think there are some 
AdhocQueries that could be phased out.  Or not.  Our implementation just 
gives you an error if you try to add users, and I'd like to throw an 
error when someone asks for a list of users -- but I don't _have_ to.

>
>>
>> -Matt
>>
>>
>>
>>  
>>
>> David Webber (XML) wrote:
>>
>>> Matt,
>>>
>>> OK. So this is over and above the SSO SMP support
>>> that Farrukh noted that we have already.
>>>
>>> I'm trying to understand the use case here a bit
>>> better.  With the SAML SSO request it's clear
>>> that a user is trying to authenticate using the SAML
>>> services.  So - we need to bootstrap that - what
>>> happens the first time a user logs in - and we
>>> do not know they have an SSO account yet?
>>>
>>> Brainstorming here - they go to "create new registry user" -
>>> and there they will have the chance to select "Use existing SSO 
>>> account", etc.
>>>
>>> I'm trying to see why the registry would need to query for
>>> a whole list of users - unless it's a help function - to prompt
>>> the user to pick an existing account from a list?  Obviously
>>> that is prone to security violations and brute force password
>>> attacks...
>>>
>>> DW
>>>
>>> ----- Original Message -----
>>> From: "Matthew MacKenzie" <mattm@adobe.com>
>>> To: "David Webber (XML)" <david@drrw.info>
>>> Cc: "Farrukh Najmi" <Farrukh.Najmi@Sun.COM>; <regrep@lists.oasis-open.org>
>>> Sent: Monday, January 24, 2005 8:31 AM
>>> Subject: Re: [regrep] [RS Issue] Internal Vs. External Users
>>>
>>>
>>>  
>>>
>>>> Not exactly David.  SAML is not the whole story.  How does a SAML 
>>>> assertion parlay into a list of users when a registry client makes 
>>>> a request asking for User instances?
>>>>


