OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: Bindings Committee Recommendation: SAML HTTP Binding should be mandatory-to-implement


BEA strongly believes in option #2, and will vote that way if asked.  This 
is not a marketing "buzz" but real need.

There will still be many many soap 1.1 implementations once soap 1.2 is 
finished.

The IPR issues are a red herring until somebody actually claims 
infringement.  Best to proceed until somebody claims, and back out later if 
proven wrong.

Cheers,
Dave


At 09:48 PM 10/8/01 -0400, Mishra, Prateek wrote:
>Colleagues,
>
>At the last bindings con-call the following question was debated:
>
>Which SAML binding should be mandatory-to-implement?
>
>(a) HTTP
>(b) SOAP over HTTP with no intermediaries
>
>The general consensus in the bindings commitee appeared to lie
>with (a) though some dissent was also expressed (Darren P.).
>
>I would request the chairs that the TC take a formal position on
>this issue perhaps thru a vote on October 9.
>
>In thinking about this issue, please note that we are NOT referring
>to the SOAP profile which would continue to be developed within
>bindings.
>
>The argument for (a) include the following:
>
>(i) SOAP 1.1 IPR is encumbered
>
>(ii) The results of the XMLP effort (SOAP 1.2) may look quite
>different from SOAP 1.1 (XMLP will be ready in Q1/02)
>
>(iii) other than marketing issues, we do not gain much by utilizing
>SOAP at this point
>
>(iv) "raw" HTTP provides a firmer foundation for our work; notice
>that a mandatory-to-implement binding is an additional layer in
>the SAML protocol stack.
>
>Arguments for (b) include:
>
>(i) SOAP provides a reasonable packaging structure, at least in
>the case of SOAP over HTTP
>
>(ii) SOAP offers a message-level error processing model
>
>(iii) The two alternatives are essentially the same but choosing
>SOAP over HTTP offers SAML, better marketing buzz.
>
>(iv) There may be patents lurking for any generic XML messaging
>framework; even if we choose (a) we may find that patents apply.
>
>Further discussion may be found in:
>
>http://lists.oasis-open.org/archives/security-bindings/200110/msg00000.html
>
>----------------------------------------------------------------
>To subscribe or unsubscribe from this elist use the subscription
>manager: <http://lists.oasis-open.org/ob/adm.pl>



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC