OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [security-services] RE: IBM charter position (was[security-services] Groups - sstc-saml-charter-2.0-draft-02.doc uploaded)


Sorry for late reply....

On Mon, 2003-11-17 at 04:31, ext Anthony Nadalin wrote:
> Thanks for the comments but I'm confused, it seems that OMA has chosen
> to accept Liberty 1.1 for SSO but complete federated identity is still
> out of scope for the phase 1 work. So it seem that any immediate
> urgency from the mobile community can be solved by the specifications
> the Liberty group has encouraged the OMA to accept., So what is
> pushing the  urgency in the SS-TC, can't folks use the Liberty
> specifications ? Maybe you can get some of your customers to help us
> understand why what  Liberty group has encouraged the OMA to accept is
> not sufficient.

OMA (Open Mobile Alliance) does it's own decisions as to what to use
etc... but in this particular case I think you have misunderstood
something, since OMA is normatively referring to the whole of ID-FF 1.1
including Federated Identity. Please check with your OMA folks.

> 
> You are welcome to attend the public workshops on the various WS-*
> specifications. RSA  is joining us next week, and maybe Nokia could
> participate  with the authors and other companies. These workshops
> allows an open exchange under RF rules prior to submitting the
> specifications to a standards body. See
> http://www-106.ibm.com/developerworks/offers/WS-Specworkshops/ for IP
> and other related issues. 

You know perfectly well Nokia's concerns related to this and similar
workshops.
1) Our legal has issues with this, similar to what AOL indicated, they
advice us not to sign this or similar documents.
2) Nokia is been asked to give it's comments and contributions to an
unknown process, which we can't influence.... somebody in some closed
environment makes decisions as to what is "IN" and what is "OUT".
3) Nokia doesn't want to endorse a process which by it's design has been
created to bypass a real standardization process.


> I remember Liberty making a similar commitment to hold such events.
> Have there been any workshops held under RF terms yet ?
> 

I assume you are referring to page 8 of the following white paper:
http://www.projectliberty.org/resources/whitepapers/wsfed-liberty-overview-10-13-03.pdf

If you read it you will notice that it serves quite a different purpose
than what the one you refer to serves. Liberty doesn't need to arrange
specific public feedback sessions about it's specifications, since it is
an open standardization organization like OMA, W3C or WS-I forum. Thus
anybody interested in Liberty's work can join and participate. 

The white paper calls for sessions about convergence between various
industry efforts and how to move forward on those. 


> I also don't understand the phone number references you make ? I know
> there is some EU mandate coming but I'm not sure why the SAML group
> needs to address this, can you elaborate  as I have not seen any
> requirement in the SS-TC or in OMA yet.?

I think you might be mixing a specific use case with general features.
What I described is a use case fully possible to implement using ID-FF,
even thought the ID-FF spec doesn't specifically mention phone numbers
:-). The general features of ID-FF allows the use case to work, and I
hope to see these general features included in SAML 2.0.

-Timo

ps. check out FCC-page: http://www.fcc.gov/cgb/NumberPortability/
    This makes the use of phone number as an identifier in 
    transactions a bit difficult, and a pseudonymous/anonymous identity
    solution is needed, even at your home marketplace. Today this is 
    mostly addressed by deployments of proprietary systems, a standard
    typically helps out a bit on interoperability :-).


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]