[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [security-services] Changes for Core 26
At 11:27 AM 2/11/02 +0000, Stephen Farrell wrote: >Eve, > ><sophistry> >The problem with being logical, consistent and pure in this case >is that it ignores reality and results in saml conformant code >not being as useful as current proprietary products. ></sophistry> Actually, I wasn't going for purity per se. I was going for the least number of false matches (because "FRED" isn't "fred"), at the potential cost of extra rejects ('sorry, you can't access resource "FRED" because you're only allowed access to "fred"'). This sounds more secure to me, and it also means a simple context-insensitive matching rule that doesn't depend on private agreements. Certainly a standard is going to cut off some avenues for convenience that proprietary products take advantage of now, but often this is the cost of interoperability. >I'm mainly thinking of resource names which are read off the wire >by saml components as written by non-saml components. I'm not sure >if the namespace case is the same, but it clearly has less precedent >than the resource URI case. I'm not sure I understand this... Eve -- Eve Maler +1 781 442 3190 Sun Microsystems XML Technology Center eve.maler @ sun.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC