OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [security-services] SAML Outreach Whitepaper

Title: RE: [security-services] SAML Outreach Whitepaper

Darren, this is very good overview.
I think SAML bindings section needs to be clarified with
respect to bindings and profiles.

Simon Godik

-----Original Message-----
From: Platt, Darren [mailto:dplatt@rsasecurity.com]
Sent: Friday, January 04, 2002 10:54 AM
To: 'security-services@lists.oasis-open.org'
Subject: [security-services] SAML Outreach Whitepaper


Attached you will find a draft of the SAML whitepaper I've been working on.
It still needs some wordsmithing - any suggestions are welcome. 

I tried to keep this high-level enough to hit the 'lowest common
denominator' among its readers.  I think a lot of people will be focusing on
how SAML fits their business requirements(esp. project liberty members) and
not all of them will be very technical, and some of them will not have a
background in security.  So I wanted to beat them over the head a little bit
with the business relevence - let me know if you think too much.  Also
didn't want to get too detailed on the technology so as to scare those
people off. 

I probably have to work on consistency in the tense (future vs. present)
I've used.  I think it's probably best to talk about SAML in present tense -
in other words saying "SAML does ...", instead of "SAML will do ..." - but
I'm not sure.  Is there a commonly used convention for this that I don't
know about? 

I was also thinking of putting the producer/consumer (Domain) model in an
appendix too - anybody think that would be too much info?

Any better or additional examples (about how SAML will be used) you may have
would be great.  Also please let me know if you have any suggestions for the
examples that are in there as well.

I still need to make sure the example assertions (in the Appendix) are still
accurate - 'borrowed' them from Eve's presentation so not sure how dated
they are.

I guess I should include a "Reference" or "Further Reading" section with:
        - OASIS website
        - SSTC home page
        - SSTC Docs Page
        - Core 21, Bindings 7
        - Producer/Consumer-Domain Model
        - anything else?

Should I say anything about SAML's status?

Thanks,

Darren

------------
Darren Platt
Technical Evangelist
RSA Security
direct: 415.652.2677
dplatt@rsasecurity.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC