[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Revised SAML FAQ is up
Hi folks-- The new SAML FAQ content is now available: http://www.oasis-open.org/committees/security/faq.php Please let me know if you see any problems. I took a lot of the answer text from a draft of the Executive Overview, so hopefully it looks okay. (Thanks to Paul M. for unknowingly writing the new FAQ! :-) I have saved up a bunch of other questions that we don't have written answers for yet, and would be interested in getting people signed up to propose answers (or better or more questions!). Most of the items below are verbatim from whoever posed them... ======== - Question that highlights the GSA eAuthentication connection and interop info - Is SAML interoperable across Java and .NET platform implementations? - What level of security does SAML provide on its own? (i.e. without using PKI, Kerberos etc). In other words does it depend on complementary security standards to be implemented, or can SAML be implemented stand-alone? - Will SAML PDPs need to be configured to understand only selected authz decision queries? - How does SAML work with SPML (Services Provisioning Markup Language)? - Implementation - how do you maintain persistence ? - How do you manage lifetime of SAML assertions ? - How do you squeeze more content into SAML when you wish to mix (more) authentication with attributes? - Why use SAML - is it secure ? ( answer : the threats (list) have all been examined, worked through, and it is the only such set of constructs in the public domain) - Performance - can one use SAML for non-web based applications ? And if so how is best? Will XML/SAML hurt performance of transactions? - Deeper answer to the SAML vs. XACML question on authz decision stuff - Maturity and industry acceptance? - Can SAML be used to provide SSO for web-enabled legacy applications (Citrix/Transfuse to Legacy client/server applications)? - IPR situation on SAML ======== Eve -- Eve Maler eve.maler @ sun.com Sun Microsystems - Business Alliances x40976 / +1 425 947 4522
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]