RE: [security-services] SAML JSR

[Krishna Sankar <ksankar@cisco.com>]

Title: RE: [security-services] SAML JSR

Hi,

 

        Thanks for the questions. Here are my observations.

 

    1) When do you think we will proceed with this work?

    <KS>

        ASAP :-(. I am giving enough time for folks to work inside their organizations so that we get a decent time for participation responses.

    </KS>
    2) What is timeframe?

    <KS>

        Preliminary Draft :12/1/01
        Community Draft : 1/1/02
        Public Draft : 2/15/02
        Final Release : 3/31/02 (Depends on the release of related JSRs. Need to coordinate with those JSRs)

    </KS>

    3) Any plans to produce a Java Extension package for SAML,

    <KS>

        yep, javax.security.assertions.*

    </KS>

    and who are the reference implementation providers? Netegrity?

    <KS>

        RI implementors - TBD

    </KS>
    4) Any thoughts about its relationship w/JAAS? JMS?

    <KS>

        Yep. We need to have a security model - hopefully the same as JAAS and other Java security models. JMS is a question we need to answer as the expert group

    </KS>

 

cheers

-----Original Message-----
From: Ahmed, Zahid [mailto:zahid.ahmed@commerceone.com]
Sent: Thursday, November 01, 2001 12:24 PM
To: 'Krishna Sankar'; security-services@lists.oasis-open.org
Subject: RE: [security-services] SAML JSR

Krishna,

Glad to hear the SAML JSR process has begun.

1) When do you think we will proceed with this work?
2) What is timeframe?
3) Any plans to produce a Java Extension package for
   SAML, and who are the reference implementation providers?
   Netegrity?
4) Any thoughts about its relationship w/JAAS? JMS?

thanks,
Zahid

-----Original Message-----
From: Krishna Sankar [mailto:ksankar@cisco.com]
Sent: Tuesday, October 30, 2001 8:50 PM
To: security-services@lists.oasis-open.org
Subject: [security-services] SAML JSR

Hi all,

        Looks like the voting on the SAML JSR is over and has been approved. The
URL is http://www.jcp.org/jsr/detail/155.jsp. The next big work is to form
an expert group. The schedule is very tight and so we need to move ASAP.

        Would appreciate if you could nominate the most passionate and Java
API/security experts from your organization for the expert group. The site
has a link to the "I want to join this Expert Group".

        Our goals are as follows:

        1.      Elegant and easy to use API so that developers can adopt/adapt the SAML
and assertions principles into their programs
        2.      APIs based on the current Java Security model and concepts (This could
be a big challenge)
        3.      Assertion exchange models, choreography and interactions (based on
current security protocols plus JAXM and JAX-RPC)
        4.      *Very important* -> Use cases to validate 1 thru 3 above

        We also need to develop a RI and possibly a TCK.

        Please let me know your ideas, suggestions and wisdom as well.

cheers

----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>