Subject: Exec overview 02 comments
Looks pretty good, just a few things...

Line 118, I would say "the information is not *only* an authn assertion" as opposed to saying there is none. At least if SSO is still the basic SAML mechanism being discussed. It's also the case that the attribute-based model is useful regardless of privacy. I might share attributes simply because the primary user identifier just isn't very useful.

Line 149, I'd rather state this as "request that the use of an identifier be terminated". Federation (as a verb) isn't used in the rest of the document much if at all, and it's a specific use case.

Line 157, the SAML URI Binding is exactly a special case that doesn't communicate SAML protocol but is for resolving assertions. I'd replace that with the HTTP Redirect binding, which is about how to pass protocol messages through HTTP redirection.

Line 187, as above I'd call this "Identifier Management".

Line 213, here's a tweaked paragraph for Shibboleth:

"Shibboleth is an Internet2 initiative to develop technical and policy frameworks and an open software system for the sharing of online resources among researchers, students, etc. within higher education. Like Liberty, Shibboleth profiled SAML for their particular requirements and, also like Liberty, built privacy management into the architecture. Shibboleth's input has been fed back into SAML2."

-- Scott