[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [security-services] AI-6: is conformance language around profiles vs.
- AI-6. Jeff to determine if conformance language around the notions of profiles vs. extensions is really an issue The short answer is "yes, it's an issue, IMO". longer answer: It seems that the conformance spec, in section 2.4 and likely also elsewhere, needs at least these clarifications/additions.. * crisp definition of what constitutes a "profile" * " " " " " an "extension" * " " " the relationship, if any, between profiles and extensions * " " " what an "extension of a profile" is (the possibility of such is implied in line 204; I'm not sure there's such a beast -- rather that one may create new profiles that are modeled on existing ones, but these are not "extensions" in the XML-ish sense of the word; this of course depends upon nailing down the above definitions) * statement along the lines of "if your application meets these criteria, then you may claim conformance to SAML vx.x" (this is likely a more global stmt that should be further up ahead in the spec) * statement about what constitutes a particular "version" of SAML. Eg it should likely include assertions about the specific XML namespaces involved, schema files used, specs based on, etc. This is sort of done via sec 2.1 and the sec 7 references, but needs to be tightened up -- eg namespaces and file names aren't unambiguously stated. there's probably more details once one really digs into this. JeffH ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]