Subject: Per AI #0169 (Draft formal response to IBM research report on SAML)
SSTC colleagues,

Along with this message, I've now uploaded an initial working draft of a response to the Gross paper as a basis for review and comment. I have conflicts against at least most of the group call slot tomorrow (13 July), but solicit e-mail discussion in advance of its consideration at a later meeting, once the shorter-fused V2.0 last call documents have been handled appropriately.

In a number of places, I've attempted to intuit and/or assert an interpretation on behalf of the SSTC; please take a look and see if you agree with the indicated positions.

As I reread the Gross paper along with the minutes from its discussion at the Toronto meeting, one point struck me that I thought was worth raising to the group: Given that (per bindings-1.0, secs. 4.1.1.3 and 4.1.1.7) SAML cites the steps of Accessing the Inter-Site Transfer Service and Responding to the User's Request For a Resource as steps within the BAP, I don't think it's unreasonable for an independent reader or evaluator to draw the conclusion that these processes are within SAML's scope (and, hence, that SAML might take a role in protecting them), rather than ancillary stages in an overall scenario of which SAML per se is another part. We may want to consider if there's possible wording or structure that more explicitly delimits the boundaries of where SAML starts and ends.

--jl