Subject: RE: [security-services] Re: Attribute Sharing Profile for X.509 Authentication-Based Systems (Draft-12)
My apologies -- I went on vacation and neglected to upload the new draft first. Draft-13 has been uploaded now.

::Ari

> -----Original Message-----
> From: Ari Kermaier [mailto:ari.kermaier@oracle.com]
> Sent: Friday, March 30, 2007 12:02 PM
> To: Tom Scavo
> Cc: Scott Cantor; OASIS SSTC
> Subject: RE: [security-services] Re: Attribute Sharing Profile for X.509 Authentication-Based Systems (Draft-12)
>
> Yes, I will.
> Thanks,
> Ari
>
> > -----Original Message-----
> > From: Tom Scavo [mailto:trscavo@gmail.com]
> > Sent: Thursday, March 29, 2007 12:32 PM
> > To: Ari Kermaier
> > Cc: Scott Cantor; OASIS SSTC
> > Subject: Re: [security-services] Re: Attribute Sharing Profile for X.509 Authentication-Based Systems (Draft-12)
> >
> > Yes, nicely done. Thanks, Scott.
> >
> > Ari, will you use Scott's text to compile draft-13, then?
> >
> > Cheers,
> > Tom
> >
> > On 3/29/07, Ari Kermaier <ari.kermaier@oracle.com> wrote:
> > > That looks good to me -- Tom?
> > > ::Ari
> > >
> > > > -----Original Message-----
> > > > From: Scott Cantor [mailto:cantor.2@osu.edu]
> > > > Sent: Wednesday, March 28, 2007 12:15 PM
> > > > To: 'Tom Scavo'; 'OASIS SSTC'
> > > > Subject: RE: [security-services] Re: Attribute Sharing Profile for X.509 Authentication-Based Systems (Draft-12)
> > > >
> > > > > I'm still not clear on how best to reword this. Scott, would you mind
> > > > > taking a crack at this? Here's how it stands now:
> > > > >
> > > > > ---------------------
> > > > > The service provider and identity provider MAY use metadata in support
> > > > > of this deployment profile for locating endpoints, communicating key
> > > > > information, and so on. If SAML V2.0 metadata is used, the
> > > > > <md:AttributeAuthorityDescriptor> element defined by the SAML metadata
> > > > > specification [SAMLMeta] and the query:AttributeQueryDescriptorType
> > > > > complex type defined by the SAML metadata extension specification
> > > > > [SAMLMeta-Ext] SHOULD be used with this deployment profile.
> > > > > ---------------------
> > > >
> > > > Here's a suggested change:
> > > >
> > > > ---------------------
> > > > The service provider and identity provider MAY use metadata in support of
> > > > this deployment profile for locating endpoints, communicating key
> > > > information, and so on. If SAML V2.0 metadata is used, the identity provider
> > > > SHOULD use the <md:AttributeAuthorityDescriptor> element defined by the
> > > > SAML metadata specification [SAMLMeta]. The server provider SHOULD use the
> > > > query:AttributeQueryDescriptorType complex type defined by the SAML metadata
> > > > extension specification [SAMLMeta-Ext], or it MAY use the
> > > > <md:SPSSODescriptor> element defined by SAML metadata specification
> > > > [SAMLMeta] if it also offers profile support consistent with that element.
> > > > Other role types defined in future specifications MAY be used in conjunction
> > > > with this profile, subject to agreement by the parties.
> > > > ---------------------
> > > >
> > > > If you want to leave out the future proofing, let me know and I'll reword it
> > > > stronger.
> > > >
> > > > -- Scott
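
The role-descriptor guidance in the suggested wording quoted above, as an added example that is not part of the original thread or of the SSTC draft: a Python check that reads SAML V2.0 metadata and reports whether the identity provider and service provider entities carry the roles the wording names. The entity IDs, the sample document and the function names `roles` and `findings` are constructed for illustration; because `xsi:type` is a QName, the code resolves its prefix against the in-scope namespace bindings instead of matching the literal string `query:`.

```python
import io
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
QUERY = "urn:oasis:names:tc:SAML:metadata:ext:query"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
AA = f"{{{MD}}}AttributeAuthorityDescriptor"
SPSSO = f"{{{MD}}}SPSSODescriptor"
ATTR_QUERY = f"{{{QUERY}}}AttributeQueryDescriptorType"

# Constructed sample metadata, trimmed to the role elements (not schema-complete).
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{MD}" xmlns:xsi="{XSI}">
 <md:EntityDescriptor entityID="https://idp.example.org">
  <md:AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://sp.example.org">
  <md:RoleDescriptor xmlns:q="{QUERY}" xsi:type="q:AttributeQueryDescriptorType"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://other.example.org">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def roles(xml_text):
    """Map each entityID to the profile-relevant roles it declares."""
    bindings, found, entity = [], {}, None   # bindings: in-scope (prefix, uri) pairs
    source = io.BytesIO(xml_text.encode())
    for event, item in ET.iterparse(source, events=("start-ns", "end-ns", "start")):
        if event == "start-ns":
            bindings.append(item)
        elif event == "end-ns":
            bindings.pop()
        elif item.tag == f"{{{MD}}}EntityDescriptor":
            entity = item.get("entityID")
            found[entity] = set()
        elif entity and item.tag == f"{{{MD}}}RoleDescriptor":
            # Resolve the xsi:type QName prefix to its namespace URI.
            prefix, _, local = item.get(f"{{{XSI}}}type", "").rpartition(":")
            uri = next((u for p, u in reversed(bindings) if p == prefix), None)
            found[entity].add(f"{{{uri}}}{local}")
        elif entity and item.tag in (AA, SPSSO):
            found[entity].add(item.tag)
    return found

def findings(found, idp, sp):
    """Advisory notes where the suggested SHOULD/MAY roles are absent."""
    out = []
    if AA not in found.get(idp, set()):
        out.append(f"{idp}: no AttributeAuthorityDescriptor")
    if not found.get(sp, set()) & {ATTR_QUERY, SPSSO}:
        out.append(f"{sp}: no AttributeQueryDescriptorType or SPSSODescriptor role")
    return out
```

An empty list from `findings` means both parties match the suggested wording; since that wording also allows other role types by agreement, a non-empty result is advisory and not a conformance failure.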