[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Drafts for review: Kerberos & SAML profiles
On 7 Jul 2009, at 01:14, Scott Cantor wrote: > My suggestions inline. I'm mainly focusing on the technical design > and where > I would describe the pieces, and not looking at editorial issues at > this > point to save time. > > Josh Howlett wrote on 2009-06-23: >> Please find attached three draft profiles. >> >> - Kerberos Attribute Profile 00: defines an attribute profile of >> Kerberos. > > As I said on the call, what I think we want to do here is define > this so > that we don't need a query profile at all, and instead rely on core > processing rules for the AttributeQuery/Response protocol. .... That's a nice approach; I will update accordingly. > >> - Kerberos Attribute Query Profile 06: defines how a SAML requestor >> can obtain a SAML attribute, that contains a Kerberos ticket, from a >> SAML attribute authority. > > Based on what I read, I don't think you really need this document > once the > attribute profile is supplemented slightly. It's pretty much out of > scope > how the SAML authority might satisfy the tickets requested, so it's > not like > there's a back-end protocol to specify here anyway. I think you're right. Thank you for your review and comments, it is greatly appreciated. Best regards, josh.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]