OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Proposed Agenda for SSTC Conference Call, Dec 23

Hi guys - Can we please tone down the rhetoric a bit and stick to discussions of requirements, use cases, and technical solutions... 

 

Thank you.

Rob Philpott
RSA Security Inc.
The Most Trusted Name in e-Security
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020
mailto:rphilpott@rsasecurity.com

-----Original Message-----
From: Skytta Timo (Nokia-TP/Espoo) [mailto:timo.skytta@nokia.com]
Sent: Tuesday, January 06, 2004 5:05 PM
To: security-services@lists.oasis-open.org
Subject: RE: [security-services] Proposed Agenda for SSTC Conference Call, Dec 23

 

Hi Anthony,

Sorry for late reply.

On Wed, 2003-12-31 at 04:55, ext Anthony Nadalin wrote:

Timo,

Before I jump into technology I like to understand the requirements and problems being solved, so I guess I'm not as well versed as you in jumping right into technology and then figuring out the requirements.


I don't disagree on the requirements or associated business problems needing to be understood, and I think we have
explained them already several times.... and I think Frederick just made a contribution proposing the use of LECP profile,
but what ends up being in SAML 2.0 is the result of the co-operative efforts of this team.

If you think requirements are not valid, I request you to state why, since you also seem to ignore my request on you showing me how
you make any of the existing Artifact/POST profiles to work with the large amount of existing mobile handsets, which is
a specific requirement for Nokia and my industry. Maybe you don't understand why they don't work ? I think we also have
tried to explain this in one of the earlier emails......

What concerns me is that you seem to be indicating that while it is perfectly OK for IBM to participate in generic XML standardization,
and drive your enterprise requirements here, the same doesn't apply for Nokia/Mobile requirements.  Nokia should basically accept
whatever generic specification you come up with, and be happy with profiling it somewhere else.

Sorry, Nokia just doesn't trust that you get it right for it, thus it wants to be involved in the creation of the generic XML-specifications.

If OMA wants to create it's own profiles or even it's own generic XML-specifications, that is OMA's decision. Here I am representing Nokia, not OMA.



I have read your comeback and that's not what we see in mobile standards groups (no specific requirements for a LECP type profile) thus I'm asking for usage outside the mobile area.


OMA Requirements do not state LECP, of course not, they state that one needs an SSO-profile that works RELIABLY with the existing 100's of millions GRPS handsets,
and that requirement can be fulfilled FOR EXAMPLE with LECP profile, while it can't be fulfilled with existing Artifact/POST type of profiles.

If you have alternative technical solution, I am more than happy to see technical proposals or contributions from IBM addressing these requirements.

-Timo

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]