Public Review of SAML V2.0 Identity Assurance Profiles Version 1.0 - 15 day review

[Mary McRae <mary.mcrae@oasis-open.org>]

To OASIS members, Public Announce Lists:

The OASIS Security Services TC has recently approved the following specification as a Committee Draft and approved the package for public review:

SAML V2.0 Identity Assurance Profiles Version 1.0

The public review starts today, 26 August 2010, and ends 10 September 2010. This specification was previously submitted for a 60-day public review on 14 April 2010[1]; this 15-day review is limited in scope to changes made from the previous review. All changes are highlighted/indicated in the accompanying change log/noted in the change log contained in the appendix.

This is an open invitation to comment. We strongly encourage feedback from potential users, developers and others, whether OASIS members or not, for the sake of improving the interoperability and quality of OASIS work.

More non-normative information about the specification and the technical committee may be found at the public home page of the TC at:
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security. Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be located via the button marked "Send A Comment" at the top of that page, or directly at:
http://www.oasis-open.org/committees/comments/index.php?wg_abbrev=security.

Submitted comments (for this work as well as other works of that TC) are publicly archived and can be viewed at:
http://lists.oasis-open.org/archives/security-services-comment/. All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members.

The specification document and related files are available here:
Editable Source:
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-assurance-profile-cd-02.odt
PDF:
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-assurance-profile-cd-02.pdf
HTML:
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-assurance-profile-cd-02.html


The following changes were made since the last public review:
1) Reworked Section 1.1 'Motivation' to be more focussed and concise. Made more explicit the two distinct pieces of the document - 1) a metadata profile for expressing assurance certifications and 2) guidelines for using authncontext to carry assurance

2) Updated the reference in Section 1.5 'Non-normative references' to point to the Kantara Initiative Identity Assurance Framework

3) Significant reworking of Section 2 'AuthnContext Level-of-Assurance Profile', changed title to 'AuthnContext Identity Assurance Guidelines'

Changed section from what had been cast as a normative profile into non-normative guidelines for using authncontext to carry assurance levels. 

Replaced schema constructs with prose guidelines for defining LOA class URIs - now found in Section 2.1

4) In Section 3 'Identity Assurance Certification Attribute Profile', added detail to the 'Profile Overview' in Section 3.2 as to how certification information is added to an entities metadata.

5) In Section 3.6 'Example', added detail as to how certification information is added to an entities metadata

6) Removed Section 4.1 'AuthnContext Level-of-Assurance Profile Conformance' as the profile in question was recast as guidelines - obviating the need for conformance 



OASIS and the Security Services (SAML) TC welcome your comments.


Mary P McRae
Director, Standards Development
Technical Committee Administrator
OASIS: Advancing open standards for the information society
email: mary.mcrae@oasis-open.org 
web: www.oasis-open.org
twitter: @fiberartisan #oasisopen
phone: 1.603.232.9090

[1] http://lists.oasis-open.org/archives/tc-announce/201004/msg00004.html