[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Revised version of the B2B Scenario Variation Use Cases (UC-2-05,UC-2-06, UC-2-07)
Attached is the revised version of the B2B Use cases: 2-05 thru 2-07. The revision is based on specific commments/compromises from following folks: 1) David Orchard > What I suggest is that the scenarios you propose should have some clearly > delineated sections so that we could vote on portions. I have labeled each step and also explciitly stated that Authentication Service and Protocol are beyond the scope of SAML w.r.t. UC-2-05. Prateek: Please feel free to do any additional wordsmithing.... 2) Evan Prodromou >Zahid, if you don't mind, could edit the use cases so they don't do >credential exchange through SAML? If you look at the other use case >scenarios, they have kind of big blobby "Authenticate" steps that are >undefined. Well, I considered a blobby authentication step, but I think we seem to have some agreement (or atleast I believe that if we specify Credential schema specification then we should atleast show a use case of using it from an SAML-enabled app) that we should show how Credential will be transfered, how Credential wil be packaged is also pertinent to the bindings group. How they will be processe and valdiated is beyond tje scope which we note/delineate. 3. Prateek Mishra >We have agreed to exclude Authentication methods NOT credential representation! >I dont see how including some credentials within an XML document and sending it >to a server constitutes an authentication service. All you are doing is trusting >the server with your credentials. >I still do not understand the objection to Steps 2-4. One server >sends another trusted server some credentials together with a payload; >the second server in some unspecificed fashion reads the credentials >and generates a name assertion and property assertions which >it attaches to the payload. Where is the authentication protocol? Agreed; but have made revisions based on David's comments of specifically identifying the steps that are beyond the scope of SAML. 4. Stephen Farrell 3/6/01 Tele-conf comment: Delegation is out of scope. Agreed, we note that fact in UC-2-07. Potentially UC-2-07 could still be out-of-scope; however, how do we show that SAML assertion will be propagted by from one domain to another in context of B2B? I have hihlighted the delegation step is out of scope but SAML assertion exchanges are in-scope. Please provide any comments ASAP; or we can discuss at tele-meeting, if needed. Also, I'm going to be out of the country, with very little e-mail access between March 8-25; hence, will depend on Prateek to manage revision of this. After 3/25, I do want to help get all the B2B Use cases in order. thanks, Zahid
B2B Transaction Use Cases-Revised.doc
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC