Re: [ebxml-msg] FW: [security-services] Call for work item owners

[Doug Bunting <Doug.Bunting@Sun.COM>]

Dale,

A clarification please: Does this work item relate to carrying SAML 
assertions and other messages from that protocol using the ebXML 
Messaging protocol?  This seems most appropriate for work within the 
SAML (Security Services) TC.  The alternative is expanding the vague 
reference to SAML as an authentication mechanism in our (ebXML Messaging 
2.0) document.  Your added notes seem to lean in this direction.

thanx,
	doug

On 12-Aug-03 10:14, Dale Moberg wrote:

> OK Matt!
> 
> I will wait a couple more days, and then send off our offer to SAML to
> help with it or just-do-it.
> I assume we can begin by seeing whether we can follow the basic SOAP
> binding fairly closely. Here is a URL for you and Jeff for that one. [I
> will send it later. Can't get to OASIS web site again...]
> 
> We also need to consider what the going-forward plan for ebMS 2.x and
> 3.x should/could be, and make sure that what we propose fits. I think we
> can just let SAML assertions be in their own soap:header block/module,
> and not worry about embedding it somehow in the ebXML header block. At
> least that is my working assumption--let me know if you have a different
> view.
> 
> 
> Dale
> 
> 
> 
> 
> -----Original Message-----
> From: Matthew MacKenzie [mailto:matt@yellowdragonsoft.com] 
> Sent: Tuesday, August 12, 2003 3:04 AM
> To: Dale Moberg
> Cc: ebxml-msg@lists.oasis-open.org; eve.maler@sun.com
> Subject: Re: [ebxml-msg] FW: [security-services] Call for work item
> owners
> 
> 
> I'm in.
> 
> Matthew MacKenzie
> 
> Dale Moberg wrote:
> 
> 
>>Hi,
>>
>>Jeff T. and I are willing to work on W-20 itemized below by the SAML 
>>group. Does anyone else want to help? We can send a msg to Eve Maler 
>>saying we are volunteering. Clearly the more known about both SAML and
>>ebXML Messaging the better!
>>
>>Dale
>>
>>-----Original Message-----
>>From: Eve L. Maler [mailto:eve.maler@sun.com]
>>Sent: Monday, August 11, 2003 10:50 AM
>>To: security-services@lists.oasis-open.org
>>Subject: [security-services] Call for work item owners
>>Importance: Low
>>
>>
>>I have attached the next draft of the scope/work items document 
>>(because
>>
>>I can't get to the members-only SAML home page to upload it) -- thanks
>>to Scott for reorienting it and fleshing it out some more.  I've 
>>numbered all the candidate work items, even though the order and 
>>grouping may not be perfect.  Please take a look and sign yourself up
> 
> as
> 
>>an "owner" of unassigned items that interest you; a few already have
>>owners:
>>
>>W-1  Session Support
>>W-2  Identity Federation
>>W-3  Metadata and Exchange Protocol (Jahan?)
>>W-4  Protocol Enhancements
>>W-5  SSO Profile Enhancements
>>W-6  Proxied SSO
>>W-7  Introduction Protocol
>>W-8  Authentication Context
>>W-9  XML Encryption
>>W-10 Back Office Profiles
>>W-11 Mid-Tier Usage
>>W-12 Attribute Retrieval Enhancement
>>W-13 Hierarchical Privilege Delegation ](Krishna has suggested
>>W-14 SAML Server Trust                 ] combining these --
>>W-15 Delegation and Intermediaries     ] sign up for them together?)
>>W-16 Multi-Participant Transactional Workflows (Scott, RLBob, Jeff)
>>W-17 Credentials Collector and Assertions (Tim, Jeff) 
>>W-18 SASL Support 
>>W-19 HTTP Binding (Scott) 
>>W-20 ebMS Binding 
>>W-21 Baseline Attribute Namespace (Scott, RLBob) 
>>W-22 Assertion Caching 
>>W-23 Security Workflow 
>>W-24 Privacy and Anonymity 
>>W-25 Kerberos Support (John Hughes) 
>>W-26 Dependency Audit (Prateek) 
>>W-27 Security Analysis Enhancements 
>>W-28 XACML-Proposed Changes
>>
>>Here's what is expected of work item owners:
>>
>>========
>>We intend to take a use-case-based approach for each new area of
>>functionality. The owner(s) for each candidate work item will be 
>>expected to make a proposal containing at least one use case and 
>>definitions of any new terms.  On acceptance of a use case, the
> 
> owner(s)
> 
>>will be expected to make a proposal for SAML technology that solves the
>>use case.  In the work item table below, the following status values
> 
> are
> 
>>applied:
>>O Candidate work item
>>	o	Unassigned
>>	o	Waiting for use case proposal
>>	o	Considering use case proposal
>>	o	Rejected
>>O Active work item (if a candidate work item was accepted)
>>	o	Waiting for solution proposal
>>	o	Considering solution proposal
>>	o	Solution incorporated
>>O Request for enhancement (presumes that the request came as the result
>>of a real use case)
>>	o	Waiting for proposal
>>	o	Considering proposal
>>	o	Disposition made (can be accepted, accepted with
>>modifications, or 
>>rejected; we also need to communicate the disposition back to the
>>requester) ========
>>
>>Okay folks, go for it!  We don't have to assign owners to everything;
>>whatever doesn't attract an owner probably isn't worth working on.  But
> 
> 
>>if we get owners assigned to the interesting stuff by the next telecon,
> 
> 
>>we'll be making good progress.
>>
>>Oh, and yell if we've missed any obvious work items.
>>
>>	Eve
>> 
>>
>>-----------------------------------------------------------------------
>>-
>>
>>You may leave a Technical Committee at any time by visiting 
>>http://www.oasis-open.org/apps/org/workgroup/ebxml-msg/members/leave_wo
>>rkgroup.php

-- 
SunNetwork 2003 Conference and Pavilion
"An unparalleled event in network computing! Make the net work for you!"

WHEN:  September 16-18, 2003
WHERE: Moscone Center, San Francisco

For more information or to register for the conference, please visit:
http://www.sun.com/sunnetwork