OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [security-services] SAML 2.1 Protocol Reorg Idea


On 1/2/13 10:49 AM, "La Joie, Chad" <Chad.LaJoie@covisint.com> wrote:

>Well, I was looking for some specifics.  I could not find any processing
>rules in the Core document that wasn't a subsection of a specific
>protocol section (i.e., I didn't see any general processing rules).

There are some general rules in the initial sections (the ones everybody
misses that explain rules for strings and dates for example), but no, I
was referring mainly to the protocol sections. A bit of what's in
assertions would also tend to cross profiles (e.g., the stuff on validity).

>As for the bindings.  For now I just assumed they would remain in a
>separate document.

Based on that, I think the direction you would be headed is probably to
leave a lot of the early part of core intact, but essentially collapse the
protocols and their profiles by taking advantage of the fact that most of
the protocols really only had 1 profile defined for them.

I can see why that would make sense, though it obviously makes any
subsequent profile from a third party much larger and duplicative. But
that isn't really this TC's problem at this stage.

As a point of background, the reason the Authentication Request protocol
is done the way it is, and the reason SSO is done so abstractly in terms
of it is WS-Trust. I think it's past time to just go back and dump all
that abstraction.

-- Scott




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]