Subject: Re: [security-services] Re: Attribute Sharing Profile for X.509 Authentication-Based Systems (Draft-12)

Yes, nicely done. Thanks, Scott. Ari, will you use Scott's text to compile draft-13, then?

Cheers,
Tom

On 3/29/07, Ari Kermaier <ari.kermaier@oracle.com> wrote:
> That looks good to me -- Tom?
> ::Ari
>
> > -----Original Message-----
> > From: Scott Cantor [mailto:cantor.2@osu.edu]
> > Sent: Wednesday, March 28, 2007 12:15 PM
> > To: 'Tom Scavo'; 'OASIS SSTC'
> > Subject: RE: [security-services] Re: Attribute Sharing Profile for X.509
> > Authentication-Based Systems (Draft-12)
> >
> > > I'm still not clear on how best to reword this. Scott, would you mind
> > > taking a crack at this? Here's how it stands now:
> > >
> > > ---------------------
> > > The service provider and identity provider MAY use metadata in support
> > > of this deployment profile for locating endpoints, communicating key
> > > information, and so on. If SAML V2.0 metadata is used, the
> > > <md:AttributeAuthorityDescriptor> element defined by the SAML metadata
> > > specification [SAMLMeta] and the query:AttributeQueryDescriptorType
> > > complex type defined by the SAML metadata extension specification
> > > [SAMLMeta-Ext] SHOULD be used with this deployment profile.
> > > ---------------------
> >
> > Here's a suggested change:
> >
> > ---------------------
> > The service provider and identity provider MAY use metadata in support of
> > this deployment profile for locating endpoints, communicating key
> > information, and so on. If SAML V2.0 metadata is used, the identity provider
> > SHOULD use the <md:AttributeAuthorityDescriptor> element defined by the
> > SAML metadata specification [SAMLMeta]. The server provider SHOULD use the
> > query:AttributeQueryDescriptorType complex type defined by the SAML metadata
> > extension specification [SAMLMeta-Ext], or it MAY use the
> > <md:SPSSODescriptor> element defined by SAML metadata specification
> > [SAMLMeta] if it also offers profile support consistent with that element.
> > Other role types defined in future specifications MAY be used in conjunction
> > with this profile, subject to agreement by the parties.
> > ---------------------
> >
> > If you want to leave out the future proofing, let me know and I'll reword it
> > stronger.
> >
> > -- Scott