Subject: Re: [security-services] New work product requests submitted
I am missing in this list the technical overview document. Although it is non-normative, it serves as a kind of starting point. Tech-overview does explain major use cases and protocol sequences quite well, but does not do such a good job of helping to understand data structures, in particular metadata.

I would like to see the structural model of SAML being described using UML. That should at least be more readable than xsd and consolidate the various extensions to metadata.

A related topic would be the compatibility with OIDC and the question of JWT in SAML. Both topics have the prerequisite of a common abstract model that is good enough to allow correct semantic mapping between each specific structure.

Anticipating the resource question: yes, I am willing to contribute.

- Rainer

On 12.09.2012 at 03:32, "Cantor, Scott" <cantor.2@osu.edu> wrote:

> Jira notifications may not be working at the moment, but I submitted work
> product requests for all of the original standard documents:
>
> Assertions and Protocols (saml-core-2.1)
> Bindings (saml-bindings-2.1)
> Profiles (saml-profiles-2.1)
> Metadata (saml-metadata-2.1)
> Authentication Context (saml-authn-context-2.1)
> Conformance Requirements (saml-conformance-2.1)
> Security and Privacy Requirements (saml-sec-consider-2.1)
> Glossary (saml-glossary-2.1)
>
> I don't know if that's going to be the final set we want, I'm guessing
> maybe not, but I can start getting the material in order at least.
>
> Does the new process allow us to have a separate Conformance document?
>
> A couple of thoughts I had:
>
> Glossary? How much work to put in? My big complaint was that we mostly
> dropped it entirely before we ever finished 2.0 and I don't think it's in
> very good shape. Not sure having a bad or incomplete glossary helps much.
> My thinking is we should take out some of the more conceptual stuff in
> there or attempts to define industry concepts and focus on defining *SAML*
> terms that are in the other documents as much as possible.
>
> Given actual use of Authn Context, are there aspects of that we should
> deprecate? Move the LOA profile document into the AC spec?
>
> How should Profiles really be organized? I noted a couple of ideas:
>
> I'd like to move the confirmation method stuff into core because it seems
> to me to be along the lines of the other identifier sections in core and
> gets reused by various things.
>
> I wonder if the attribute profile material might be put into a separate
> document together with other post-2.0 work around attributes.
>
> -- Scott