Subject: Could use advice on changing the SAML FAQ
I got a bit stumped when working on my action item to change the SAML FAQ (http://www.oasis-open.org/committees/security/faq.php) so that it doesn't talk about "slight" incompatibilities. Rob gave me some input but suggested I check with the TC to be sure.

This is about the paragraph under the question "What is SAML's history and background? What is in SAML's future?" that reads as follows:

"Approval of SAML v1.1 followed in September 2003. This version focused on improving interoperability and specification clarity through experience with Version 1.0, and in particular on tightening up the relationship of SAML with XML Signature. In general, minor revisions of SAML can be expected to be backwards compatible. This version is very slightly incompatible with SAML v1.0 in the area of XML Signature in order to take advantage of new knowledge about XML Signature processing."

I was instructed "to change the FAQ answer for 1.0-to-1.1 to remove the suggestion of compatibility and to comment on the fact that products that support V1.0 also implement V1.1, such that it's a product compatibility issue and a partner communication/contract issue to choose one."

My attempt at a revision resulted in the following, which felt like it was answering questions that hadn't been asked:

"Approval of SAML v1.1 followed in September 2003. This version focused on improving interoperability and specification clarity through experience with Version 1.0, and in particular on tightening up the relationship of SAML with XML Signature. Typically, products that offer SAML v1.0 support also offer SAML v1.1 support. As in any situation, if you are making a decision about which version to deploy, you should check on product compatibility among your identity federation partners and ensure that any deployment/configuration agreements specify the correct version."

Rob's attempt went like this:

"Approval of SAML v1.1 followed in September 2003. This version focused on improving interoperability and specification clarity through experience with Version 1.0, and in particular on tightening up the relationship of SAML with XML Signature. The nature of these changes resulted in certain backward compatibility issues for SAML V1.0 and V1.1, so in general, these two versions are considered to be incompatible when different versions of SAML are configured between partners. Products have been introduced to the market that support both SAML V1.0 and V1.1, although they typically require any specific configuration of any two cooperating partners to use the same version of SAML. As in any situation, if you are making a decision about which version to deploy, you should check on product compatibility among your identity federation partners and ensure that any deployment/configuration agreements specify the correct version."

I like Rob's new/changed text on top of mine. My only additional thought is that maybe we want to break out much of this detailed stuff into a separate question like "What are the differences between SAML v1.0 and SAML v1.1?" -- or add it to the question currently called "What's new in SAML v2.0?" and change the question to "What are the differences between SAML versions?" Then we could broaden the product deployment and configuration advice so that it applies to any version.

What do people think? Can we spend one minute on this issue in today's call?

Eve

--
Eve Maler, +1 425 947 4522
Technology Director, eve.maler @ sun.com
CTO Business Alliances group, Sun Microsystems, Inc.