[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [security-services] AI-6: is conformance language around profiles vs.
- AI-6. Jeff to determine if conformance language around the
notions of profiles vs. extensions is really an issue
The short answer is "yes, it's an issue, IMO".
longer answer:
It seems that the conformance spec, in section 2.4 and likely also elsewhere,
needs at least these clarifications/additions..
* crisp definition of what constitutes a "profile"
* " " " " " an "extension"
* " " " the relationship, if any, between profiles and
extensions
* " " " what an "extension of a profile" is (the possibility
of such is implied in line 204; I'm not sure there's such a beast -- rather
that one may create new profiles that are modeled on existing ones, but these
are not "extensions" in the XML-ish sense of the word; this of course depends
upon nailing down the above definitions)
* statement along the lines of "if your application meets these criteria,
then you may claim conformance to SAML vx.x" (this is likely a more global stmt
that should be further up ahead in the spec)
* statement about what constitutes a particular "version" of SAML. Eg it
should likely include assertions about the specific XML namespaces involved,
schema files used, specs based on, etc. This is sort of done via sec 2.1 and
the sec 7 references, but needs to be tightened up -- eg namespaces and file
names aren't unambiguously stated.
there's probably more details once one really digs into this.
JeffH
----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]