RE: [security-services] Proposed Charter Update

[Scott Cantor <cantor.2@osu.edu>]

> Here is a proposed update to the SS-TC charter as promised

Speaking for myself, I actually like some of these proposed edits (e.g.
there's no reason why non-SAML-based work can't be considered for input into
the work that we do).

But:

The use cases and requirements that were considered during the SSTC's early
work fully considered and acknowledged the importance of identity federation
to the core specifications that were being developed. The work was deferred,
along with many other critical components, in the interest of time. These
aren't new work items for the charter. (I believe the co-chairs can post
that supporting material if necessary.)

And I don't believe that profiling a couple of demonstrably (as opposed to
theoretically) useful models for the exchange of identifiers during SSO
harms the generality or the composability of SAML with other proposals,
other specifications, or other security architectures. I'd have to be
convinced that anything proposed so far isn't consistent with maintaining
those goals.

-- Scott