Re: [security-services] Proposed Charter Update

[Anthony Nadalin <drsecure@us.ibm.com>]

> 2. The addition of "and non-SAML based" in the 3rd bullet greately
extends the scope of work saying that the SSTC has, in it's scope, to deal
with federation in other security architectures (specifically those that
are not based on SAML).    I think this broadens the scope way beyond what
is reasonable for the SSTC to effectively handle.

So you believe that "Develop an approach for unifying various identity
federation models found in real-world SAML and non SAML based
implementations and security architectures" is out of scope ? This was an
attempt to help bridge (not actually do the work but "Develop an approach")
the SS-TC work and other work, and what I take away is that you don't want
this to happen.

Anthony Nadalin | work 512.436.9568 | cell 512.289.4122


|---------+---------------------------->
|         |           "Conor P. Cahill"|
|         |           <concahill@aol.co|
|         |           m>               |
|         |                            |
|         |           11/17/2003 04:12 |
|         |           AM               |
|---------+---------------------------->
  >------------------------------------------------------------------------------------------------------------------------------------------------|
  |                                                                                                                                                |
  |       To:       Anthony Nadalin/Austin/IBM@IBMUS                                                                                               |
  |       cc:       security-services@lists.oasis-open.org                                                                                         |
  |       Subject:  Re: [security-services] Proposed Charter Update                                                                                |
  >------------------------------------------------------------------------------------------------------------------------------------------------|





I don't like the proposed update changes because:

1. The removal of the phrase "the ability to federate identities across
such domains" will be used by some to try to argue that identity federation
is out of scope.  The reason for claifying the charter to to recognize that
SSO across domains is kind of impossible without some form of federation of
identities.

2. The addition of "and non-SAML based" in the 3rd bullet greately extends
the scope of work saying that the SSTC has, in it's scope, to deal with
federation in other security architectures (specifically those that are not
based on SAML).    I think this broadens the scope way beyond what is
reasonable for the SSTC to effectively handle.

Note that my objection, in no way, means that we shouldn't consider other
work that is done  -- just that solutions for such other systems should not
be within our scope of work.

Conor
To unsubscribe from this mailing list (and be removed from the roster of
the OASIS TC), go to
http://www.oasis-open.org/apps/org/workgroup/security-services/members/leave_workgroup.php
.