OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: fyi: [security-services] Proposed,categorized To-Do list for SAML 2.0(SAMLng/SAML.next) [updated 25-Nov-2002]


This needs some minor tweaking to bring it up to date. 

Folks should comment on it in any case and we can update it before the next
meeting. 

thanks,

JeffH


-------- Original Message --------
Subject: [security-services] Proposed,categorized To-Do list for SAML 2.0
(SAMLng/SAML.next) [updated 25-Nov-2002]
Date: Mon, 25 Nov 2002 17:27:07 -0800
From: Jeff Hodges <Jeff.Hodges@sun.com>
Reply-To: Jeff.Hodges@sun.com
To: oasis sstc <security-services@lists.oasis-open.org>
References: <3D5D7891.EACF46AC@sun.com>

[this is to satisfy my action item AI-16. see bottom of list for new addition.]


[B] Major bugs and RFEs that open up new areas of work (targeted to
    2.0)

- Any of these could be sped up if someone writes a proposal
- the below items are in no particular order (ie unprioritized)

   - Simple sessions
   - Liberty-style identifier federation via NameIdentifier exchange
   - Enhanced RequestAbstractType to support Liberty use cases
   - Richer SSO profiles a la Liberty
   - Protocol for exchanging operational agreements
     (aka metadata exchange)
   - Introduction protocol (eg common domain and cookie, or some 
     roughly equivalent approach)
   - Assertion encryption via XML Encryption
   - B2B, A2A, back-office profiles
   - Profile for mid-tier usage a la Hitachi
   - Profiles for multilevel access controls
   - Profiles for multi-participant transactional workflows
   - SAML credentials collector and credentials assertions
   - SASL support in authentication methods
   - HTTP protocol binding (a la REST)
   - ebMS protocol binding
   - Baseline attribute namespaces
   - Hierarchical delegation of privileges among federated attribute
     authorities
   - Standardized trust between SAML-enabled servers
   - Persistent caching (mirroring?) of assertions at multiple sites
   - Expressing security processing workflow definitions (?)
   - Privacy and anonymity features a la Shibboleth and Liberty
   - Anonymous name identifier (same as above?)
   - SAML feature discovery through WSDL, UDDI, etc.
   - Kerberos support
   - Pass-through authentication
   - Rich/dynamic sessions (more than Liberty)
   - X.500 attribute support
   - Delegation use cases
   - Use of intermediaries
   - Dependency audit ("validity depends on")
   - Negative assertions
   - More complex queries, e.g. all attributes in namespace X
   - Standardizing policy around which attributes get supplied

   - various bug fixes

    - fragment identifiers:

      In the next major revision, SAML 2.0, change the SAML Core document 
      as follows: To the final sentence of Section 1.2.1 beginning on line 
      203, add ", and MUST be absolute [RFC 2396]."  The reason this cannot 
      be added to a minor revision is that it restricts the possible values 
      of SAML URIs, and is thus backwards incompatible.



---
end

----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC