Subject: [security-services] [Fwd: Some Potential Future SAML Features for Your Consideration]

Here's the raw list I mentioned on the call today. We should step through this list and categorize the items into categories such as..

* new profile of SAML
* new use-case of SAML
* new SAML feature

(other categories?)

of course all the items we brainstormed on the call should also be so categorized.

thanks,

JeffH

--- Begin Message ---
- From: James Kobielus <jkobielus@burtongroup.com>
- To: "'Jeff.Hodges@sun.com'" <Jeff.Hodges@Sun.COM>
- Date: Wed, 3 Apr 2002 13:44:07 -0700

Jeff:

As promised, here's the preliminary list of potential future SAML features, as identified through discussions with various members of the OASIS SSTC:

* SOAP SAML profile
* Encryption of SAML assertions via XML Encryption
* SAML explicit reference to XACML policy-definition language
* SAML implementation guidelines and implementation profiles/subsets
* SAML use-case and profiles for authorization service
* SAML use-case and profiles for application-to-application, B2B, and back-office transactions
* SAML use-case for multilevel access controls
* SAML use-case for multi-participant transactional workflows
* SAML credentials collector and credentials assertions
* SAML session authority, session assertions, and dynamic session-management (login/logout) mechanisms that operate across domains
* Definition of core/baseline assertion attributes (e.g., roles) that can be understood, by default, among federated SAML domains
* Hierarchical delegation of privileges among federated attribute authorities
* Mechanisms for SAML-enabled servers to define mutual trust relationships and authenticate each other
* Mechanisms for caching or storing SAML assertions persistently at two or more federated sites
* Standard language for expressing role-based access controls enforced by infrastructure servers
* Standard language for expressing security processing workflow definitions enforced by trusted servers
* Assurance levels for authentication contexts associated with various SAML authentication assertions
* Privacy and anonymity features such as defined under Shibboleth (e.g., attribute release policies, attribute acceptance policies, "where are you from?"/handler service)
* Support for Passport and Liberty Alliance authentication and subject confirmation methods in SAML
* SAML site/service/profile/binding discovery through integration with UDDI, WSDL, and DNS/SRV RR
* SAML integration of ebXML Message Service Specification (MSS) extensions to SOAP 1.1 for reliable, guaranteed messaging
* SAML support for wireless browser profiles over WAP/WSP/WTP/WTLS

Jim

James Kobielus
Senior Analyst
Burton Group
6006 John Roccato Court
Alexandria VA 22310
703-924-6224 (phone and fax)
USA Eastern timezone (GMT-5; Washington DC area)
www.burtongroup.com
"Driving Network Evolution"

Hope we see you at Burton Group's Catalyst 2002!

"Breakthroughs come from pressure and patience applied persistently over time and obstacles."--jgk

"Success is just one long street fight."--Milton Berle

--- End Message ---