
security-services message



Subject: Re: [security-services] Re: Attribute Sharing Profile for X.509 Authentication-Based Systems (Draft-12)


Yes, nicely done.  Thanks, Scott.

Ari, will you use Scott's text to compile draft-13, then?

Cheers,
Tom

On 3/29/07, Ari Kermaier <ari.kermaier@oracle.com> wrote:
> That looks good to me -- Tom?
> ::Ari
>
> > -----Original Message-----
> > From: Scott Cantor [mailto:cantor.2@osu.edu]
> > Sent: Wednesday, March 28, 2007 12:15 PM
> > To: 'Tom Scavo'; 'OASIS SSTC'
> > Subject: RE: [security-services] Re: Attribute Sharing Profile for X.509
> > Authentication-Based Systems (Draft-12)
> >
> >
> > > I'm still not clear on how best to reword this.  Scott, would you mind
> > > taking a crack at this?  Here's how it stands now:
> > >
> > > ---------------------
> > > The service provider and identity provider MAY use metadata in support
> > > of this deployment profile for locating endpoints, communicating key
> > > information, and so on. If SAML V2.0 metadata is used, the
> > > <md:AttributeAuthorityDescriptor> element defined by the SAML metadata
> > > specification [SAMLMeta] and the query:AttributeQueryDescriptorType
> > > complex type defined by the SAML metadata extension specification
> > > [SAMLMeta-Ext] SHOULD be used with this deployment profile.
> > > ---------------------
> >
> > Here's a suggested change:
> >
> > ---------------------
> > The service provider and identity provider MAY use metadata in support of
> > this deployment profile for locating endpoints, communicating key
> > information, and so on. If SAML V2.0 metadata is used, the identity provider
> > SHOULD use the <md:AttributeAuthorityDescriptor> element defined by the
> > SAML metadata specification [SAMLMeta]. The server provider SHOULD use the
> > query:AttributeQueryDescriptorType complex type defined by the SAML metadata
> > extension specification [SAMLMeta-Ext], or it MAY use the
> > <md:SPSSODescriptor> element defined by SAML metadata specification
> > [SAMLMeta] if it also offers profile support consistent with that element.
> > Other role types defined in future specifications MAY be used in conjunction
> > with this profile, subject to agreement by the parties.
> > ---------------------
> >
> > If you want to leave out the future proofing, let me know and I'll reword it
> > stronger.
> >
> > -- Scott
> >
> >
> >
>
>

