RE: [security-services] Stateless Conformity To SAML

["Steve Anderson" <sanderson@opennetwork.com>]

I can appreciate that, but I don't think that will be the universally held
view.  And for those that don't, I think this is a problem.  

Overall, it's an issue of insufficient granularity in the conformance claims.
I understand we're trying to move away from too much granularity, but this
has swung to the opposite extreme, IMO.
--
Steve Anderson
OpenNetwork



-----Original Message-----
From: Scott Cantor [mailto:cantor.2@osu.edu]
Sent: Friday, July 30, 2004 2:57 PM
To: Steve Anderson; security-services@lists.oasis-open.org
Subject: RE: [security-services] Stateless Conformity To SAML


> And that's my point -- a conformance claim should offer a helpful clue,
> and at the very least, not be misleading.  Claiming conformance to 
> Name ID management messages seems very misleading if the product doesn't
> have any notion of "remembering" users.

But let's be clear...I don't believe it's always the job of the SAML product
to do this in general. It's the job of the product to inform the surrounding
infrastructure that the change happened. And I believe that that's how at
least some people would expect to deploy it. It's certainly how I intend to
(I do wear both hats).

In such a case, my product isn't remembering the change (except perhaps to
modify some transitory state), but I would claim that it's perfectly
reasonable for me to claim conformance and that it's a useful claim and not
at all misleading. That's the crux of my argument.

-- Scott