

Subject: RE: [security-services] Re: Attribute Sharing Profile for X.509 Authentication-Based Systems (Draft-12)


That looks good to me -- Tom?
::Ari

> -----Original Message-----
> From: Scott Cantor [mailto:cantor.2@osu.edu]
> Sent: Wednesday, March 28, 2007 12:15 PM
> To: 'Tom Scavo'; 'OASIS SSTC'
> Subject: RE: [security-services] Re: Attribute Sharing 
> Profile for X.509
> Authentication-Based Systems (Draft-12)
> 
> 
> > I'm still not clear on how best to reword this.  Scott, 
> would you mind
> > taking a crack at this?  Here's how it stands now:
> >
> > ---------------------
> > The service provider and identity provider MAY use metadata 
> in support
> > of this deployment profile for locating endpoints, communicating key
> > information, and so on. If SAML V2.0 metadata is used, the
> > <md:AttributeAuthorityDescriptor> element defined by the 
> SAML metadata
> > specification [SAMLMeta] and the query:AttributeQueryDescriptorType
> > complex type defined by the SAML metadata extension specification
> > [SAMLMeta-Ext] SHOULD be used with this deployment profile.
> > ---------------------
> 
> Here's a suggested change:
> 
> ---------------------
> The service provider and identity provider MAY use metadata 
> in support of
> this deployment profile for locating endpoints, communicating key
> information, and so on. If SAML V2.0 metadata is used, the 
> identity provider
> SHOULD use the  <md:AttributeAuthorityDescriptor> element 
> defined by the
> SAML metadata specification [SAMLMeta]. The server provider 
> SHOULD use the
> query:AttributeQueryDescriptorType complex type defined by 
> the SAML metadata
> extension specification [SAMLMeta-Ext], or it MAY use the
> <md:SPSSODescriptor> element defined by SAML metadata specification
> [SAMLMeta] if it also offers profile support consistent with 
> that element.
> Other role types defined in future specifications MAY be used 
> in conjunction
> with this profile, subject to agreement by the parties.
> ---------------------
> 
> If you want to leave out the future proofing, let me know and 
> I'll reword it
> stronger.
> 
> -- Scott
> 
> 
>
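
An added example, not part of this thread or of any SSTC document: a Python sketch that reads SAML V2.0 metadata and reports which of the role descriptors named in the suggested wording each entity declares. The entity IDs, endpoint URL and role labels are constructed for illustration; the check looks at structure only and assumes the metadata has already been authenticated.

```python
import io
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
QUERY = "urn:oasis:names:tc:SAML:metadata:ext:query"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample metadata; entity IDs and the endpoint are placeholders.
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{MD}" xmlns:query="{QUERY}" xmlns:xsi="{XSI}">
  <md:EntityDescriptor entityID="https://idp.example.org/saml">
    <md:AttributeAuthorityDescriptor protocolSupportEnumeration="{PROTO}">
      <md:AttributeService Location="https://idp.example.org/aa"
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
    </md:AttributeAuthorityDescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/saml">
    <md:RoleDescriptor xsi:type="query:AttributeQueryDescriptorType"
        protocolSupportEnumeration="{PROTO}"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://other.example.org/saml">
    <md:RoleDescriptor xsi:type="query:AuthnQueryDescriptorType"
        protocolSupportEnumeration="{PROTO}"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def profile_roles(xml_text):
    """Map each entityID to the set of profile-relevant roles it declares."""
    ns_stack, entity, roles = [], None, {}
    source = io.BytesIO(xml_text.encode())
    for event, item in ET.iterparse(source, ("start-ns", "end-ns", "start")):
        if event == "start-ns":        # item is (prefix, uri)
            ns_stack.append(item)
        elif event == "end-ns":        # innermost declaration leaves scope
            ns_stack.pop()
        elif item.tag == f"{{{MD}}}EntityDescriptor":
            entity = item.get("entityID")
            roles[entity] = set()
        elif item.tag == f"{{{MD}}}AttributeAuthorityDescriptor":
            roles[entity].add("attribute-authority")
        elif item.tag == f"{{{MD}}}SPSSODescriptor":
            roles[entity].add("sp-sso")
        elif item.tag == f"{{{MD}}}RoleDescriptor":
            # xsi:type is a QName: resolve its prefix against in-scope
            # namespaces instead of trusting the literal prefix "query".
            prefix, _, local = item.get(f"{{{XSI}}}type", "").rpartition(":")
            if (dict(ns_stack).get(prefix), local) == (QUERY, "AttributeQueryDescriptorType"):
                roles[entity].add("attribute-query-requester")
    return roles
```
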


