OASIS Mailing List Archives

security-services message



Subject: RE: [security-services] Exec overview 02 comments



A couple of quick comments.

- What's new in SAML2 - you could include IDP discovery.

- In Summary section s/benefits/benefit/

Tom.


-----Original Message-----
From: Scott Cantor [mailto:cantor.2@osu.edu]
Sent: Tuesday, January 25, 2005 11:36 AM
To: security-services@lists.oasis-open.org
Subject: [security-services] Exec overview 02 comments


Looks pretty good, just a few things...

Line 118, I would say "the information is not *only* an authn assertion" as
opposed to saying there is none. At least if SSO is still the basic SAML
mechanism being discussed.

It's also the case that the attribute-based model is useful regardless of
privacy. I might share attributes simply because the primary user identifier
just isn't very useful.

Line 149, I'd rather state this as "request that the use of an identifier be
terminated". Federation (as a verb) isn't used in the rest of the document
much if at all, and it's a specific use case.

Line 157, the SAML URI Binding is exactly a special case that doesn't
communicate SAML protocol but is for resolving assertions. I'd replace that
with the HTTP Redirect binding, which is about how to pass protocol messages
through HTTP redirection.

Line 187, as above I'd call this "Identifier Management".

Line 213, here's a tweaked paragraph for Shibboleth:

"Shibboleth is an Internet2 initiative to develop technical and policy
frameworks and an open software system for the sharing of online resources
among researchers, students, etc. within higher education. Like Liberty,
Shibboleth profiled SAML for their particular requirements and, also like
Liberty, built privacy management into the architecture. Shibboleth's input
has been fed back into SAML2."

-- Scott

