OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [security-services] Proposed Agenda for SSTC Conference Call, Dec 23


Anthony,

Comments inline:

On Dec 29, 2003, at 9:43 PM, Anthony Nadalin wrote:

> Frederick,
>
> I have a couple of issues:
>
> (1) seems like a profile that another group like OMA takes up (but 
> have not seen a requirement there either)

LECP is not mobile-specific. It supports any non-HTTP user agent, not 
only those in mobile environments.

> (2) seems to rely on a "proxy" that seems to be out of scope of SAML 
> and thus seems like issue #1 may be where the profile and proxy can be 
> provided

The proxy is not necessary, and therefore, not "relied upon" by the 
profile. The proxy is an optional constituent of the profile - one that 
better supports current mobile SSO environments. I believe that better 
support for the environments both of SAML vendors and SAML customers 
*is* in scope for SAML.

> (3) seems there is nothing specific to SAML (value add) thus seems 
> like issue #1 may be where the profile best done

As has been explained by others, there is a "value add" in that the 
mobile world brings many new customers for SAML technology. In 
addition, LECP opens up a world of non-HTTP support for SAML 
technology; something that customers of this technology will likely 
welcome, and which will enable vendors to better support their 
customers' needs.

- JohnK



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]