[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] SAML 2.1 Protocol Reorg Idea
On 1/2/13 10:49 AM, "La Joie, Chad" <Chad.LaJoie@covisint.com> wrote: >Well, I was looking for some specifics. I could not find any processing >rules in the Core document that wasn't a subsection of a specific >protocol section (i.e., I didn't see any general processing rules). There are some general rules in the initial sections (the ones everybody misses that explain rules for strings and dates for example), but no, I was referring mainly to the protocol sections. A bit of what's in assertions would also tend to cross profiles (e.g., the stuff on validity). >As for the bindings. For now I just assumed they would remain in a >separate document. Based on that, I think the direction you would be headed is probably to leave a lot of the early part of core intact, but essentially collapse the protocols and their profiles by taking advantage of the fact that most of the protocols really only had 1 profile defined for them. I can see why that would make sense, though it obviously makes any subsequent profile from a third party much larger and duplicative. But that isn't really this TC's problem at this stage. As a point of background, the reason the Authentication Request protocol is done the way it is, and the reason SSO is done so abstractly in terms of it is WS-Trust. I think it's past time to just go back and dump all that abstraction. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]