

Subject: Re: [regrep] [RS Issue] Internal Vs. External Users


Matt,

That's your implementation - there's at least 8 implementations
I know of that are using the org / user model already and it's
working for them - so we would not want to break that.

DW

----- Original Message ----- 
From: "Matthew MacKenzie" <mattm@adobe.com>
To: "Farrukh Najmi" <Farrukh.Najmi@Sun.COM>
Cc: <regrep@lists.oasis-open.org>
Sent: Sunday, January 23, 2005 5:18 PM
Subject: Re: [regrep] [RS Issue] Internal Vs. External Users


> Farrukh Najmi wrote:
>
> >
> > We have had Users, Organizations, Roles and Groups for several
> > releases. I agree that over time we need to remove these and align
> > with SAML and other security standards to define their replacement.
> >
> > I feel strongly however that we should not do this in version 3 since
> > these would be major changes which I believe are too late to do at
> > this stage in version 3. I propose we defer any changes in this area
> > to version 4.
>
>
> We could start phasing it out now though.  I think there are some
> AdhocQueries that could be phased out.  Or not.  Our implementation just
> gives you an error if you try to add users, and I'd like to throw an
> error when someone asks for a list of users -- but I don't _have_ to.
>
> >
> >>
> >> -Matt
> >>
> >>
> >>
> >>
> >>
> >> David Webber (XML) wrote:
> >>
> >>> Matt,
> >>>
> >>> OK. So this is over and above the SSO SMP support
> >>> that Farrukh noted that we have already.
> >>>
> >>> I'm trying to understand the use case here a bit
> >>> better.  With the SAML SSO request it's clear
> >>> that a user is trying to authenticate using the SAML
> >>> services.  So - we need to bootstrap that - what
> >>> happens the first time a user logs in - and we
> >>> do not know they have a SSO account yet?
> >>>
> >>> Brainstorming here - they go to "create new registry user" -
> >>> and there they will have the chance to select "Use existing SSO
> >>> account", etc.
> >>>
> >>> I'm trying to see why the registry would need to query for
> >>> a whole list of users - unless it's a help function - to prompt
> >>> the user to pick an existing account from a list?  Obviously
> >>> that is prone to security violations and brute force password
> >>> attacks...
> >>>
> >>> DW
> >>>
> >>> ----- Original Message ----- From: "Matthew MacKenzie"
> >>> <mattm@adobe.com>
> >>> To: "David Webber (XML)" <david@drrw.info>
> >>> Cc: "Farrukh Najmi" <Farrukh.Najmi@Sun.COM>;
> >>> <regrep@lists.oasis-open.org>
> >>> Sent: Monday, January 24, 2005 8:31 AM
> >>> Subject: Re: [regrep] [RS Issue] Internal Vs. External Users
> >>>
> >>>
> >>>
> >>>
> >>>> Not exactly David.  SAML is not the whole story.  How does a SAML
> >>>> assertion parlay into a list of users when a registry client makes
> >>>> a request asking for User instances?
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>
> >>
> >> To unsubscribe from this mailing list (and be removed from the roster
> >> of the OASIS TC), go to
> >> http://www.oasis-open.org/apps/org/workgroup/regrep/members/leave_workgroup.php.
> >>
> >>
> >
> >
>
>
>
>
>



