Subject: RE: [security-services] Re: Attribute Sharing Profile for X.509 Authentication-Based Systems (Draft-12)
Yes, I will.

Thanks,
Ari

> -----Original Message-----
> From: Tom Scavo [mailto:trscavo@gmail.com]
> Sent: Thursday, March 29, 2007 12:32 PM
> To: Ari Kermaier
> Cc: Scott Cantor; OASIS SSTC
> Subject: Re: [security-services] Re: Attribute Sharing Profile for X.509 Authentication-Based Systems (Draft-12)
>
> Yes, nicely done. Thanks, Scott.
>
> Ari, will you use Scott's text to compile draft-13, then?
>
> Cheers,
> Tom
>
> On 3/29/07, Ari Kermaier <ari.kermaier@oracle.com> wrote:
> > That looks good to me -- Tom?
> > ::Ari
> >
> > > -----Original Message-----
> > > From: Scott Cantor [mailto:cantor.2@osu.edu]
> > > Sent: Wednesday, March 28, 2007 12:15 PM
> > > To: 'Tom Scavo'; 'OASIS SSTC'
> > > Subject: RE: [security-services] Re: Attribute Sharing Profile for X.509 Authentication-Based Systems (Draft-12)
> > >
> > > > I'm still not clear on how best to reword this. Scott, would you mind
> > > > taking a crack at this? Here's how it stands now:
> > > >
> > > > ---------------------
> > > > The service provider and identity provider MAY use metadata in support
> > > > of this deployment profile for locating endpoints, communicating key
> > > > information, and so on. If SAML V2.0 metadata is used, the
> > > > <md:AttributeAuthorityDescriptor> element defined by the SAML metadata
> > > > specification [SAMLMeta] and the query:AttributeQueryDescriptorType
> > > > complex type defined by the SAML metadata extension specification
> > > > [SAMLMeta-Ext] SHOULD be used with this deployment profile.
> > > > ---------------------
> > >
> > > Here's a suggested change:
> > >
> > > ---------------------
> > > The service provider and identity provider MAY use metadata in support of
> > > this deployment profile for locating endpoints, communicating key
> > > information, and so on. If SAML V2.0 metadata is used, the identity provider
> > > SHOULD use the <md:AttributeAuthorityDescriptor> element defined by the
> > > SAML metadata specification [SAMLMeta]. The server provider SHOULD use the
> > > query:AttributeQueryDescriptorType complex type defined by the SAML metadata
> > > extension specification [SAMLMeta-Ext], or it MAY use the
> > > <md:SPSSODescriptor> element defined by SAML metadata specification
> > > [SAMLMeta] if it also offers profile support consistent with that element.
> > > Other role types defined in future specifications MAY be used in conjunction
> > > with this profile, subject to agreement by the parties.
> > > ---------------------
> > >
> > > If you want to leave out the future proofing, let me know and I'll reword it
> > > stronger.
> > >
> > > -- Scott
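
The role requirements in the suggested wording above can be checked mechanically against a pair of metadata documents. The following is an added example, not part of the thread or of the profile; the function names, entity IDs and sample documents are constructed, and the query extension namespace URI is the one from the SAML metadata extension for query requesters.

```python
import io
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
QUERY_EXT = "urn:oasis:names:tc:SAML:metadata:ext:query"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

def declared_roles(metadata_xml):
    """Return the profile-relevant roles found in a metadata document."""
    roles, scopes, pending = set(), [{}], {}
    source = io.BytesIO(metadata_xml.encode("utf-8"))
    for event, item in ET.iterparse(source, events=("start-ns", "start", "end")):
        if event == "start-ns":      # prefix declarations precede their element
            pending[item[0]] = item[1]
        elif event == "end":
            scopes.pop()
        else:
            scopes.append({**scopes[-1], **pending})
            pending = {}
            if item.tag == f"{{{MD}}}AttributeAuthorityDescriptor":
                roles.add("AttributeAuthorityDescriptor")
            elif item.tag == f"{{{MD}}}SPSSODescriptor":
                roles.add("SPSSODescriptor")
            elif item.tag == f"{{{MD}}}RoleDescriptor" and XSI_TYPE in item.attrib:
                # xsi:type is a QName: resolve its prefix with in-scope bindings
                prefix, _, local = item.get(XSI_TYPE).rpartition(":")
                bound = scopes[-1].get(prefix)
                if (bound, local) == (QUERY_EXT, "AttributeQueryDescriptorType"):
                    roles.add("AttributeQueryDescriptorType")
    return roles

def check_pair(idp_xml, sp_xml):
    """List deviations from the SHOULD-level metadata wording quoted above."""
    findings = []
    if "AttributeAuthorityDescriptor" not in declared_roles(idp_xml):
        findings.append("IdP: no md:AttributeAuthorityDescriptor")
    sp_ok = {"AttributeQueryDescriptorType", "SPSSODescriptor"}
    if not declared_roles(sp_xml) & sp_ok:
        findings.append("SP: no AttributeQueryDescriptorType or md:SPSSODescriptor")
    return findings

# Constructed sample metadata (entity IDs are placeholders).
PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"
IDP = f'''<md:EntityDescriptor xmlns:md="{MD}" entityID="https://idp.example.org">
  <md:AttributeAuthorityDescriptor protocolSupportEnumeration="{PROTO}"/>
</md:EntityDescriptor>'''
SP = f'''<md:EntityDescriptor xmlns:md="{MD}" entityID="https://sp.example.org"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:q="{QUERY_EXT}">
  <md:RoleDescriptor xsi:type="q:AttributeQueryDescriptorType"
      protocolSupportEnumeration="{PROTO}"/>
</md:EntityDescriptor>'''
```

The check resolves the `xsi:type` prefix against the namespace bindings in scope, so a role descriptor whose prefix is bound to a different namespace is not mistaken for the query requester type.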