RE: What shall we name our specification(s)?

["Mishra, Prateek" <pmishra@netegrity.com>]

I would strongly recommend keeping the work secure or
security someplace in the name. This is technically
appropriate and will also help identify us in dealing with
a broad cross-section of IT and non-IT savvy folks. Lets
keep in mind that the latter function is an important aspect of
the final name.


- prateek



> -----Original Message-----
> From: Philip Hallam-Baker [mailto:pbaker@verisign.com]
> Sent: Monday, January 29, 2001 5:32 PM
> To: security-services@lists.oasis-open.org
> Subject: RE: What shall we name our specification(s)?
> 
> 
> Security Assertion Service Specification (SASS) ?????
> Authorization Assertion Service Specification (A2S2) ????
> 
> 	Phill
> 
> 
> > -----Original Message-----
> > From: christopher ferris [mailto:chris.ferris@east.sun.com]
> > Sent: Monday, January 29, 2001 5:13 PM
> > To: security-services@lists.oasis-open.org
> > Subject: Re: What shall we name our specification(s)?
> > 
> > 
> > Yes, but I thought that since we're designing
> > more than just a ML (e.g. we're attributing it with
> > protocol semantics) that the "ML" in the name was 
> > too constraining.
> > 
> > SAXP or Security Assertion eXchange Protocol would be
> > closer to what we're about, IMHO.
> > 
> > Of course, this name omits the "Service" aspect
> > which is, I believe, one of the compelling aspects
> > of all of this work. Defining an interoperable service
> > "interface" (the Auth/Az Request/Response pairs) is as important
> > an aspect as the exchange of the assertions themselves
> > as it will allow for the development/migration of applications
> > that can delegate these (Auth o/e) functions to a blankety-blank 
> > compliant service provider.
> > 
> > Maybe Security Assertion Service and eXchange Protocol
> > (SASXP)?
> > 
> > My $0.02,
> > 
> > Chris
> > 
> > George_Robert_Blakley_III@tivoli.com wrote:
> > > 
> > > I second Marc's nomination here (in fact I think I 
> > suggested the same
> > > thing).  I think "SAML" is the most descriptive
> > > and accurately-scoped alternative.
> > > 
> > > --bob
> > > 
> > > Bob Blakley
> > > Chief Scientist, Security
> > > Tivoli Systems, Inc.
> > > 
> > > "Chanliau, Marc" <MChanliau@netegrity.com> on 01/29/2001 
> 03:56:11 PM
> > > 
> > > To:   "Orchard, David" <dorchard@jamcracker.com>, Philip 
> > Hallam-Baker
> > >       <pbaker@verisign.com>, "'Eve Maler'" 
> <eve.maler@east.sun.com>,
> > >       security-services@lists.oasis-open.org
> > > cc:
> > > Subject:  RE: What shall we name our specification(s)?
> > > 
> > > How  about SAML (Security Assertion Markup  Language).
> > > Marc Chanliau
> > > -----Original Message-----
> > > From: Orchard, David  [mailto:dorchard@jamcracker.com]
> > > Sent: Monday, January 29, 2001 4:44  PM
> > > To: Philip Hallam-Baker; 'Eve Maler';
> > > security-services@lists.oasis-open.org
> > > Subject: RE: What shall we  name our specification(s)?
> > > 
> > > I  know you are keen on getting the focus on authorization, 
> > but I'm not too
> > > interested in dropping authentication and keeping 
> > authorization.  Either
> > > authent +author, or neither would be my interest.
> > > 
> > > Dave
> > > 
> > > -----Original Message-----
> > > From: Philip Hallam-Baker  [mailto:pbaker@verisign.com]
> > > Sent: Monday, January 29, 2001 12:23  PM
> > > To: 'Eve Maler';  security-services@lists.oasis-open.org
> > > Subject: RE: What shall we  name our specification(s)?
> > > 
> > > My  objection to A2ML was that specifying Authentication in 
> > the name to me
> > > implies that we would be supporting authenticated key 
> > exchange, which is
> > > something I don't want to do in an OASIS group, that is 
> > something I would
> > > prefer to do in a closed group of cryptographers and 
> > network security
> > > protocol engineers.
> > > 
> > > On  the other hand "Authorization Assertion Markup 
> > Language" would have the
> > > initials A2ML, thus indicating the warm touchy feely get 
> > together vibes
> > > people want, being clearly a descendent of S2ML and Auth 
> > XML (whose current
> > > voting success I take note of).
> > > 
> > > Does anyone else have definite feelings towards the  
> > binding of the second
> > > A?
> > > 
> > >          Phill
> > 
>