[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: fyi: [security-services] Proposed,categorized To-Do list for SAML 2.0(SAMLng/SAML.next) [updated 25-Nov-2002]
This needs some minor tweaking to bring it up to date. Folks should comment on it in any case and we can update it before the next meeting. thanks, JeffH -------- Original Message -------- Subject: [security-services] Proposed,categorized To-Do list for SAML 2.0 (SAMLng/SAML.next) [updated 25-Nov-2002] Date: Mon, 25 Nov 2002 17:27:07 -0800 From: Jeff Hodges <Jeff.Hodges@sun.com> Reply-To: Jeff.Hodges@sun.com To: oasis sstc <security-services@lists.oasis-open.org> References: <3D5D7891.EACF46AC@sun.com> [this is to satisfy my action item AI-16. see bottom of list for new addition.] [B] Major bugs and RFEs that open up new areas of work (targeted to 2.0) - Any of these could be sped up if someone writes a proposal - the below items are in no particular order (ie unprioritized) - Simple sessions - Liberty-style identifier federation via NameIdentifier exchange - Enhanced RequestAbstractType to support Liberty use cases - Richer SSO profiles a la Liberty - Protocol for exchanging operational agreements (aka metadata exchange) - Introduction protocol (eg common domain and cookie, or some roughly equivalent approach) - Assertion encryption via XML Encryption - B2B, A2A, back-office profiles - Profile for mid-tier usage a la Hitachi - Profiles for multilevel access controls - Profiles for multi-participant transactional workflows - SAML credentials collector and credentials assertions - SASL support in authentication methods - HTTP protocol binding (a la REST) - ebMS protocol binding - Baseline attribute namespaces - Hierarchical delegation of privileges among federated attribute authorities - Standardized trust between SAML-enabled servers - Persistent caching (mirroring?) of assertions at multiple sites - Expressing security processing workflow definitions (?) - Privacy and anonymity features a la Shibboleth and Liberty - Anonymous name identifier (same as above?) - SAML feature discovery through WSDL, UDDI, etc. - Kerberos support - Pass-through authentication - Rich/dynamic sessions (more than Liberty) - X.500 attribute support - Delegation use cases - Use of intermediaries - Dependency audit ("validity depends on") - Negative assertions - More complex queries, e.g. all attributes in namespace X - Standardizing policy around which attributes get supplied - various bug fixes - fragment identifiers: In the next major revision, SAML 2.0, change the SAML Core document as follows: To the final sentence of Section 1.2.1 beginning on line 203, add ", and MUST be absolute [RFC 2396]." The reason this cannot be added to a minor revision is that it restricts the possible values of SAML URIs, and is thus backwards incompatible. --- end ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC