[provision] Provisioning Modeled as an Assertion Application

[Darran Rolls <Darran.Rolls@waveset.com>]

All

In our discussions around basing SPML on the SAML assertion framework,
we have to clearly address the following question; what is an assertion
application and is provisioning such an application?

Firstly, what is an assertion-based application?  One definition is "an
application built around the expression and evaluation of statements".
I'm interested to know if anyone has a different or more accurate
definition than this.

Based on the above, let me take a pass at answering the question, is
SPML about the evaluation of statements?   At first pass, one might
conclude no.  The SPML operations defined in the use cases do not feel
like statements, they feel more like "operations".  However, if one
considers the question at hand really to be, do we apply a statement
oriented applications model to SPML in order to gain a "specific
benefit", one has to more clearly address the trade off between the cost
of adopting this shift in thinking against the perceived benefit.  

List of costs (please add/comment)..
- Accept the basic statement model when native thinking is that we have
an operations/execution model
- Possible lack of clarity to our purpose
- ???

List of benefits as (please add/comment)...
- Re-use if/where possible
- Leverage security knowledge in current & future SAML specifications
- ??

I have asked for an opinion from the Security Joint Committee and
through that to the SecServices TC.  Their comments will be interesting
input to this discussion (but in no way binding in terms of its
conclusion).  I will forward their reply to the list.

--------------------------------------------------------
Darran Rolls                      http://www.waveset.com
Waveset Technologies Inc          drolls@waveset.com 
(512) 657 8360                    
--------------------------------------------------------