RE: [saml-dev] SAML, trust and WS.

["Scott Cantor" <cantor.2@osu.edu>]

> i can only speak from my own experience, but i think there is a 
> lot of confusion/misunderstanding/hype of what can and can't be 
> done with saml and not enough best practice examples to guide 
> implementations.

Unfortunately, the people qualified to do so have day jobs that they enjoy
more than writing examples, I suppose. But also, one can't just invent
profiles out of thin air. There have to be people that want to jointly agree
on things, and where web services are concerned, that agreement is
non-existent. Too much money to be made in faking interoperability, I
suppose.

> scott, your draft proves that if people read the specs thoroughly 
> and really _grok_ what the specs prescribe then they might find 
> that the answers to their problems were right there all the time.

For better or worse, I feel the SAML community has chosen to cede the
territory of web services to others, whether it's Liberty, other OASIS
committees, or your friendly neighborhood behemoth corporate monstrosities.

The fact that you can implement lots of things today with SAML alone is
disregarded in favor of over-generality. I don't deny the value of future
proofing, but fundamentally, you have to pick something to get work done. If
people had refused to use Kerberos because it required, gasp, Kerberos, lots
of cool stuff wouldn't have gotten built.

-- Scott