OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Revised SAML FAQ is up

Hi folks-- The new SAML FAQ content is now available:

   http://www.oasis-open.org/committees/security/faq.php

Please let me know if you see any problems.

I took a lot of the answer text from a draft of the Executive 
Overview, so hopefully it looks okay.  (Thanks to Paul M. for 
unknowingly writing the new FAQ! :-)  I have saved up a bunch of 
other questions that we don't have written answers for yet, and 
would be interested in getting people signed up to propose answers 
(or better or more questions!).  Most of the items below are 
verbatim from whoever posed them...

========
- Question that highlights the GSA eAuthentication connection and 
interop info

- Is SAML interoperable across Java and .NET platform implementations?

- What level of security does SAML provide on its own? (i.e. without 
using PKI, Kerberos etc). In other words does it depend on 
complementary security standards to be implemented, or can SAML be 
implemented stand-alone?

- Will SAML PDPs need to be configured to understand only selected
authz decision queries?

- How does SAML work with SPML (Services Provisioning Markup Language)?

- Implementation - how do you maintain persistence ?

- How do you manage lifetime of SAML assertions ?

- How do you squeeze more content into SAML when you wish to mix 
(more) authentication with attributes?

- Why use SAML - is it secure ? ( answer : the threats (list) have 
all been examined, worked through, and it is the only such set of 
constructs in the public domain)

- Performance - can one use SAML for non-web based applications ? 
And if so how is best?  Will XML/SAML hurt performance of transactions?

- Deeper answer to the SAML vs. XACML question on authz decision stuff

- Maturity and industry acceptance?

- Can SAML be used to provide SSO for web-enabled legacy 
applications (Citrix/Transfuse to Legacy client/server applications)?

- IPR situation on SAML
========

	Eve
-- 
Eve Maler                                      eve.maler @ sun.com
Sun Microsystems - Business Alliances     x40976 / +1 425 947 4522

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]