RE: [security-services] RE: IBM charter position (was [security-services]Groups - sstc-saml-charter-2.0-draft-02.doc uploaded)

["Conor P. Cahill" <concahill@aol.com>]

Anthony Nadalin wrote on 11/16/2003, 9:31 PM:
 >
 > Thanks for the comments but I'm confused, it seems that OMA has chosen to
 > accept Liberty 1.1 for SSO but complete federated identity is still
 > out of
 > scope for the phase 1 work.
  So it seem that any immediate urgency from
 > the
 > mobile community can be solved by the specifications the Liberty group
 > has
 > encouraged the OMA to accept., So what is pushing the  urgency in the
 > SS-TC, can't folks use the Liberty specifications ? Maybe you can get
 > some
 > of your customers to help us understand why what  Liberty group has
 > encouraged the OMA to accept is not sufficient.

1) what OMA has chosen to do or not do is not at issue here.  Clearly 
there are many politicial and resource isses involved in any decision 
that may be made by such an organization.

2) There is not a sudden "urgency" within the SSTC to encompass 
federation.  Federation, to many of us, is clearly a part of the SSO 
environment and needs to be solved to enable reasonable SSO across 
identity domains.  This is a natural place in the evolution of the SAML 
specs to address this and "urgency" only comes to mind by people trying 
to stop the process.

3) The adoption of the SSO portion of the Liberty specifications without 
the federation portions (assuming this is true, I haven't seen any 
public announcements of such adoptions) flies in the face of your 
concern about SAML generating a "monolithic" specification.  Clearly the 
SSO mechanisms are separate and distinct from the federation mechanisms.

 > You are welcome to attend the public workshops on the various WS-*
 > specifications. RSA  is joining us next week, and maybe Nokia could
 > participate  with the authors and other companies. These workshops
 > allows an open exchange under RF rules prior to submitting the
 > specifications to astandards body.

That is not our understanding of the conditions for participation in 
those workshops.  First off, they are not joint specification work, but 
rather "one-way give us input, we'll decide what to do" type meetings. 
Secondly the terms for such meetings require legal agreements from 
people other than the authors without providing equally binding 
agreements upon the authors.

If you want real participation in the development of the WS-* specs, you 
need to bring them into a standards body.

Conor