[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: XML Encryption Working Draft
Hello, everyone. First, I'd like to say that I was very impressed with the progress we made at this week's F2F, and I hope we can continue to go forward at this efficient pace in the future. Special "shout-outs" to Jeff Hodges for running the meeting right to the agenda, and Bob B. for handling the whiteboard session to such good effect. Second, I'd like to point out that there is a working draft of XML Encryption available on w3c's Web site: http://www.w3.org/TR/xmlenc-core/ First, I'd love to get the inside scoop from our XML-Enc liaisons ("Stephen Farrell, Gilbert Pilz, and Ed Simon") about the developments. Second, I'm wondering how this affects our non-goal of excluding XML Enc from SAML, namely: "SAML does not define a data format for encrypting assertions or messages independent of binding protocol. However, this non-goal will be revisited in a future version of the SAML spec after XML Encryption is published." It seems that by getting to working draft status, the spec is to a point where we could start evaluating it for use with SAML (and perhaps even feed in suggestions for the final spec). Also, the XML Encryption schedule for milestones, here: http://www.w3.org/Encryption/2001/01/xmlenc-charter.html#_Duration ...has a date of August 2001 for candidate recommendation and October 2001 for proposed rec. They appear to be hitting their milestones quite well. Even if they slip somewhat, they'd -probably- still have a candidate recommendation comfortably within our new timeframe of December 1 for a "substantially complete draft" of SAML. I suggest that we should at least consider this issue at the next concall for discussion. To wit: * Is it possible to revisit our requirements/non-goals at this late date? (Hmm, did I say "late"? B-) * Is XML Encryption appropriate for SAML? At what level (assertions, messages)? * Is the bump in scope that this would entail worth the payoff in terms of a having a standard, protocol-independent confidentiality mechanism? * Where would adaptation of XML-Enc to SAML fit into the spec? Core? Bindings? Another group? Can we add this to the issues list? To the agenda for a future concall? ~ESP -- Evan Prodromou, Senior Architect eprodromou@securant.com Securant Technologies, Inc. 415-856-9551
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC