OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] SAML Profiles for X.509 Subjects

What is the impact of these new documents on the CD/public review cycle of the sstc-saml-x509-authn-attrib-profile document? I mean, do you intend them to obsolete/replace the existing profile spec, or for them to exist separately?
::Ari

> -----Original Message-----
> From: Tom Scavo [mailto:trscavo@gmail.com]
> Sent: Tuesday, August 29, 2006 3:49 PM
> To: OASIS SSTC
> Subject: [security-services] SAML Profiles for X.509 Subjects
> 
> 
> I've uploaded two new document sets (odt, pdf, odg, xsd) to 
> the repository:
> 
> SAML V1.1 Profiles for X.509 Subjects:
>   X.509 SAML Subject Profile
>   SAML Assertion Profile for X.509 Subjects
>   SAML Attribute Query Profile for X.509 Subjects
>   SAML Attribute Self-Query Profile for X.509 Subjects
> 
> SAML V2.0 Profiles for X.509 Subjects:
>   X.509 SAML Subject Profile
>   SAML Assertion Profile for X.509 Subjects
>   SAML Attribute Query Profile for X.509 Subjects
>   SAML Attribute Self-Query Profile for X.509 Subjects
> 
> The latter has been formulated as draft-11 of the Attribute Sharing
> Profile.  Since this is a significant rewrite, however, there is no
> redline version between draft-10 and draft-11.  For this reason, I
> have no problem forking this onto a completely separate track, if
> that's what people want to do.
> 
> As you can see, the organization of the new profile is very different
> than the Attribute Sharing Profile.  The latter focuses on Enhanced
> Mode whereas the new document is layered with reusable components.
> This leads naturally to a Self-Query Profile, which is completely new.
> 
> As far as I know, there is nothing in this new set of profiles that
> precludes anything currently specified in the Attribute Sharing
> Profile.  In other words, a deployment of the latter automatically
> satisfies the requirements of the former.  If anyone finds this is not
> the case, please let me know and I'll try to fix it.
> 
> Tom Scavo
> NCSA/University of Illinois
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]