Re: [provision] SAML 2.0 Profile of SPML 2.0 Submission v0.5

[Mary McRae <mary.mcrae@oasis-open.org>]

Hi Gary (et al),

  It happens to the best of us :)

  Pointers are fine when trying to refer to something outside of the TC. 

  Any and all contributions to a TC must either come directly from a TC member (whether an attachment to an email or a document uploaded to the repository) or from a non-TC member (whether OASIS member or not) via the TC comment list which requires subscription and acknowledgement of the feedback license. Since each TC has its own unique scope, contributions are typically weighed against that scope and IPR mode of the TC. Picking something up from outside those confines carries a degree of risk.

  For those not well-versed in the rules of OASIS, it is this same reason why you should never forward an email to the TC list from anyone who is not a member (NOTE: Observers are not members) of the TC but instead point them to the comment list.

  Kent points out that this may have, in fact, started out as a contributing to the PSTC; if that's indeed the case, hopefully a version of the document exists in the PSTC document or email archives.

  Alternatively, if some of the contributors are members of this TC and are confident that there are no claims from the other parties reading against this, they can contribute the work to this TC by each attaching a copy to an email message and sending to the TC list.

  For any further IPR Policy questions we should involve Jamie Clark, our legal counsel, in the conversation.

Regards,

Mary






On Sep 28, 2010, at 4:26 PM, Gary Cole wrote:

> Oops!  I'm sorry.  I did not know that I erred in copying the document to the PSTC list.  What is the rule?
> 
> IIRC, I reviewed for Jeff Bohren an earlier draft of this document.  During the time when Jeff and I were both on the PSTC, we discussed the need for a "federated provisioning"  profile of SPML based on SAML2 and we outlined the approach for such a profile.  We also discussed which would be the correct venue for such a proposal, and we decided that the proposal should be submitted to the SSTC, so that it would be perceived as a SAML initiative.
> 
> We're certainly not trying to steal anyone's IP.  When a member suggested that we develop a profile of SPML that used SAML attribute values as its payload, I asked whether anyone knew the status of the work at the SSTC.  Robin was kind enough to dig up the link for me.
> 
> A member has also posted a pointer to a working draft of the SSTC's Change Notify protocol.  Is this also a problem?  Participants have mentioned this as a proposal of interest to them.
> 
> We've also posted a link to a description of SAML2 meta-data.  At least one of our participants has suggested that we use SAML2 meta-data as a way of declaring which attributes a provider supports for particular operations.  Is that okay as long as SAML2 meta-data is a published product of another TC (rather than merely a submission to another TC)?
> 
> Gary
> 
> On Sep 28, 2010, at 2:28 PM, Mary McRae wrote:
> 
>> Hi Gary,
>> 
>> This document should not have been copied to the TC list; it was a submission to the Security Services TC and not to Provisioning. Please keep that in mind; unless submitted to this TC by the original proposers it should not be used as the basis for any Provisioning Services TC work.
>> 
>> Regards,
>> 
>> Mary
>> 
>> Mary P McRae
>> Director, Standards Development
>> Technical Committee Administrator
>> Member Section Administrator
>> OASIS: Advancing open standards for the information society
>> email: mary.mcrae@oasis-open.org
>> web: www.oasis-open.org
>> twitter: @fiberartisan  #oasisopen
>> phone: 1.603.232.9090
>> 
>> Standards are like parachutes: they work best when they're open.
>> 
>> 
>> 
>> 
>> On Sep 28, 2010, at 2:56 PM, Gary Cole wrote:
>> 
>>> Robin Cover located the draft submission to the SSTC of a Profile of SPMLv2 that was specific to SAMLv2.  (Thanks, Robin.)  I've attached that document in two formats: PDF and MS-Word (.doc).  Based on a quick scan, this looks very similar to the DSML Profile of SPMLv2, except that:
>>> - the PSO ID is a SAML NameIdentifier.
>>> - the PSO data consists of SAML Attribute elements.
>>> - for Schema used in listTargets, the profile defines 'objectClassDefinition' and 'attributeDefinition' elements.
>>> - for Search, the SAML profile defines its own elements to use in creating search filters.
>>> 
>>> In reading this draft submission, beware inconsistencies and possible typographical errors.  For example:
>>> - In some cases, 'objectClassDefinition' is 'objectDef'
>>> - In some cases, 'attributeDefinition' is 'attrDef'.
>>> - In some cases, 'NameIdentifier' is 'NameID'.
>>> - The example search response contains an <objectDef> element that it should not.
>>> - The search filter syntax may not be fully-baked.
>>> 
>>> 
>>> <SAMLv2-Profile-of-SPMLv2.doc>
>>> 
>>> 
>>> <SAMLv2-Profile-of-SPMLv2.pdf>
>>> 
>>> 
>>> 
>>> On Sep 15, 2010, at 10:07 AM, Robin Cover wrote:
>>> 
>>>> 
>>>> Re:
>>>>>> Also, wasn't there some work in the SAML TC to develop a SAML2 profile for SPML
>>>>>> (possibly related to Federation use-cases)?  Would that work be
>>>>>> related to this in any way? If so, what is the status of that work?
>>>>>> 
>>>>> I was not aware of this work. It does seem relevant. Would there be any pointers available?
>>>> 
>>>> Maybe this:
>>>> 
>>>> ---------------------------------------------------------------------------
>>>> 
>>>> SAML 2.0 Profile of SPML 2.0 Submission
>>>> June 01, 2007
>>>> 
>>>> Submitting Organizations
>>>> AOL
>>>> BMC Software
>>>> HP
>>>> Intel
>>>> Neustar
>>>> Sun Microsystems
>>>> Tripod Technology Group
>>>> 
>>>> http://lists.oasis-open.org/archives/security-services/200706/msg00001.html
>>>> http://lists.oasis-open.org/archives/security-services/200706/bin00000.bin
>>>> = SAML 2.0 Profile of SPML 2.0 Submission v0.5.pdf
>>>> http://lists.oasis-open.org/archives/security-services/200706/doc00000.doc
>>>> = SAML 2.0 Profile of SPML 2.0 Submission v0.5.doc
>>>> 
>>>> ---------------------------------------------------------------------------
>>>> 
>>>> - Robin
>>>> 
>>>> Robin Cover
>>>> OASIS, Director of Information Services
>>>> Editor, Cover Pages and XML Daily Newslink
>>>> Email: robin@oasis-open.org
>>>> Staff bio: http://www.oasis-open.org/who/staff.php#cover
>>>> Cover Pages: http://xml.coverpages.org/
>>>> Newsletter: http://xml.coverpages.org/newsletterArchive.html
>>>> Tel: +1 972-296-1783
>>>> 
>>>> 
>>> 
>>> 
>>> ---------------------------------------------------------------------
>>> To unsubscribe from this mail list, you must leave the OASIS TC that
>>> generates this mail.  Follow this link to all your TCs in OASIS at:
>>> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>> 
>