security-use message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Revised version of the B2B Scenario Variation Use Cases (UC-2-05,UC-2-06, UC-2-07)


Attached is the revised version of the B2B Use cases: 2-05 thru 2-07.

The revision is based on specific comments/compromises from the
following folks:

1) David Orchard
> What I suggest is that the scenarios you propose should have some clearly
> delineated sections so that we could vote on portions.

I have labeled each step and also explicitly stated that Authentication
Service and Protocol are beyond the scope of SAML w.r.t. UC-2-05.

Prateek: Please feel free to do any additional wordsmithing....


2) Evan Prodromou
> Zahid, if you don't mind, could you edit the use cases so they don't do
> credential exchange through SAML? If you look at the other use case
> scenarios, they have kind of big blobby "Authenticate" steps that are
> undefined.

Well, I considered a blobby authentication step, but I think we seem
to have some agreement (or at least I believe that if we specify a Credential
schema specification then we should at least show a use case of using it
from a SAML-enabled app) that we should show how the Credential will be
transferred; how the Credential will be packaged is also pertinent to the
bindings group. How they will be processed and validated is beyond the
scope, which we note/delineate.

3) Prateek Mishra
> We have agreed to exclude Authentication methods NOT credential
> representation!
> I don't see how including some credentials within an XML document and
> sending it to a server constitutes an authentication service. All you are
> doing is trusting the server with your credentials.

> I still do not understand the objection to Steps 2-4. One server
> sends another trusted server some credentials together with a payload;
> the second server in some unspecified fashion reads the credentials
> and generates a name assertion and property assertions which
> it attaches to the payload. Where is the authentication protocol?

Agreed; but I have made revisions based on David's comments of specifically
identifying the steps that are beyond the scope of SAML.

4) Stephen Farrell
3/6/01 Tele-conf comment: Delegation is out of scope.

Agreed, we note that fact in UC-2-07.
Potentially UC-2-07 could still be out of scope; however, how do we
show that the SAML assertion will be propagated from one domain to another
in the context of B2B? I have highlighted that the delegation step is out of
scope but the SAML assertion exchanges are in scope.

Please provide any comments ASAP; or we can discuss at tele-meeting,
if needed.

Also, I'm going to be out of the country, with very little e-mail access,
between March 8-25; hence I will depend on Prateek to manage revision of
this.
After 3/25, I do want to help get all the B2B Use cases in order.

thanks,
Zahid




B2B Transaction Use Cases-Revised.doc