Subject: Re: [regrep] [RS Issue] Internal Vs. External Users
Matt,

That's your implementation - there's at least 8 implementations I know of that are using the org / user model already and it's working for them - so we would not want to break that.

DW

----- Original Message -----
From: "Matthew MacKenzie" <mattm@adobe.com>
To: "Farrukh Najmi" <Farrukh.Najmi@Sun.COM>
Cc: <regrep@lists.oasis-open.org>
Sent: Sunday, January 23, 2005 5:18 PM
Subject: Re: [regrep] [RS Issue] Internal Vs. External Users

> Farrukh Najmi wrote:
>
> > We have had Users, Organizations, Roles and Groups for several
> > releases. I agree that over time we need to remove these and align
> > with SAML and other security standards to define their replacement.
> >
> > I feel strongly however that we should not do this in version 3 since
> > these would be major changes which I believe are too late to do at
> > this stage in version 3. I propose we defer any changes in this area
> > to version 4.
> >
> We could start phasing it out now though. I think there are some
> AdhocQueries that could be phased out. Or not. Our implementation just
> gives you an error if you try to add users, and I'd like to throw an
> error when someone asks for a list of users -- but I don't _have_ to.
>
> >>
> >> -Matt
> >>
> >> David Webber (XML) wrote:
> >>
> >>> Matt,
> >>>
> >>> OK. So this is over and above the SSO SMP support
> >>> that Farrukh noted that we have already.
> >>>
> >>> I'm trying to understand the use case here a bit
> >>> better. With the SAML SSO request it's clear
> >>> that a user is trying to authenticate using the SAML
> >>> services. So - we need to bootstrap that - what
> >>> happens the first time a user logs in - and we
> >>> do not know they have a SSO account yet?
> >>>
> >>> Brainstorming here - they go to "create new registry user" -
> >>> and there they will have the chance to select "Use existing SSO
> >>> account", etc.
> >>>
> >>> I'm trying to see why the registry would need to query for
> >>> a whole list of users - unless it's a help function - to prompt
> >>> the user to pick an existing account from a list? Obviously
> >>> that is prone to security violations and brute force password
> >>> attacks...
> >>>
> >>> DW
> >>>
> >>> ----- Original Message -----
> >>> From: "Matthew MacKenzie" <mattm@adobe.com>
> >>> To: "David Webber (XML)" <david@drrw.info>
> >>> Cc: "Farrukh Najmi" <Farrukh.Najmi@Sun.COM>;
> >>> <regrep@lists.oasis-open.org>
> >>> Sent: Monday, January 24, 2005 8:31 AM
> >>> Subject: Re: [regrep] [RS Issue] Internal Vs. External Users
> >>>
> >>>> Not exactly David. SAML is not the whole story. How does a SAML
> >>>> assertion parlay into a list of users when a registry client makes
> >>>> a request asking for User instances?
> >>>>
> >>
> >> To unsubscribe from this mailing list (and be removed from the roster
> >> of the OASIS TC), go to
> >> http://www.oasis-open.org/apps/org/workgroup/regrep/members/leave_workgroup.php.
> >>
> >
> To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/regrep/members/leave_workgroup.php.