-----Original Message-----
From: Skytta Timo (Nokia-TP/Espoo)
[mailto:timo.skytta@nokia.com]
Sent: Tuesday, January 06, 2004
5:05 PM
To:
security-services@lists.oasis-open.org
Subject: RE: [security-services]
Proposed Agenda for SSTC Conference Call, Dec 23
Hi Anthony,
Sorry for late reply.
On Wed, 2003-12-31 at 04:55, ext Anthony Nadalin wrote:
Timo,
Before I jump into technology I like to understand the requirements and
problems being solved, so I guess I'm not as well versed as you in jumping
right into technology and then figuring out the requirements.
I don't disagree on the requirements or associated business problems needing to
be understood, and I think we have
explained them already several times.... and I think Frederick just made a
contribution proposing the use of LECP profile,
but what ends up being in SAML 2.0 is the result of the co-operative efforts of
this team.
If you think requirements are not valid, I request you to state why, since you
also seem to ignore my request on you showing me how
you make any of the existing Artifact/POST profiles to work with the large
amount of existing mobile handsets, which is
a specific requirement for Nokia and my industry. Maybe you don't understand
why they don't work ? I think we also have
tried to explain this in one of the earlier emails......
What concerns me is that you seem to be indicating that while it is perfectly
OK for IBM to participate in generic XML standardization,
and drive your enterprise requirements here, the same doesn't apply for
Nokia/Mobile requirements. Nokia should basically accept
whatever generic specification you come up with, and be happy with profiling it
somewhere else.
Sorry, Nokia just doesn't trust that you get it right for it, thus it wants to
be involved in the creation of the generic XML-specifications.
If OMA wants to create it's own profiles or even it's own generic
XML-specifications, that is OMA's decision. Here I am representing Nokia, not
OMA.
I have read your
comeback and that's not what we see in mobile standards groups (no specific
requirements for a LECP type profile) thus I'm asking for usage outside the
mobile area.
OMA Requirements do not state LECP, of course not, they state that one needs an
SSO-profile that works RELIABLY with the existing 100's of millions GRPS
handsets,
and that requirement can be fulfilled FOR EXAMPLE with LECP profile, while it
can't be fulfilled with existing Artifact/POST type of profiles.
If you have alternative technical solution, I am more than happy to see
technical proposals or contributions from IBM addressing these requirements.
-Timo