OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

provision message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [provision] FW: Base SPML on SAML rather than DSML?

I think SAML may have some relevance if the PSP wishes to obtain additional information about the principal who needs to be provisioned. So, for example, let's say the provisioning request is for John Doe, and the PSP needs to know John's credit status before authorizing the request. Then the PSP could query the RA (or some trusted third party) for attribute assertions about John's credit. This may make sense to be SAML based, however the original provisioning request would probably not be a great fit. Does anyone else have a better perspective on SAML to comment?
-----Original Message-----
From: rweltman@netscape.com [mailto:rweltman@netscape.com]
Sent: Tuesday, July 30, 2002 8:32 AM
To: Gavenraj Sodhi
Cc: provision@lists.oasis-open.org
Subject: Re: [provision] FW: Base SPML on SAML rather than DSML?

  SAML (so far) doesn't have a protocol for updating attributes, just acquiring them (issue an attribute request, get an attribute assertion back). You could devise a protocol where a requestor instead submitted an attribute assertion (as a request to update/add an attribute), but there is no support for that as a protocol in SAML: is the assertion an add or an update, what should the response of the receiver be, etc.

  Caveat: I haven't followed the SAML list much for the past couple of months.


Gavenraj Sodhi wrote:


-----Original Message-----
From: DeSouza, Edwin [mailto:edesouza@jamcracker.com]
Sent: Monday, July 29, 2002 6:25 PM
To: Gavenraj Sodhi; Darran.Rolls@waveset.com
Cc: hal.lockhart@entegrity.com; tim.moses@entrust.com;
pmishra@netegrity.com; Jeff.Hodges@sun.com; eve.maler@sun.com;
Subject: Base SPML on SAML rather than DSML?

Darran, Gavenraj,
I see a lot of discussion on using DSML as the basis for SPML. 

DSML is one possible starting point (Directories keep User Profiles, etc
--AND-- DSML is supposed to make directories talk to each other).

On the other hand, SAML is supposed to be able to transport all kinds of
"interesting" user profile info among various
sites/companies/applications/etc.  And, given that Project Liberty is
using SAML, and maybe WS-Security will be friendly to SAML, then in all
likelihood SAML will have a much more widespead usage than DSML.

That being the case ... it would be interesting to think about using
SAML as the basis for SPML.

Maybe someone more technical/knowledgeable than me can start a
discussion on this at SPML.


To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC