
saml-dev message


Subject: RE: [saml-dev] InterOp Scenario Extensions draft-01

Not sure. Andrew, do you want to follow through with this? As I indicated
earlier, Sun would probably be able to support this proposed scenario, but it
all depends on how many other vendors would like to participate in
this extension.



>From: "Mishra, Prateek" <pmishra@netegrity.com>
>To: "'Andy Fetterer'" <afetterer@crosslogix.com>, "'Bhavna Bhatnagar'" <bhavna.bhatnagar@Sun.COM>, saml-dev@lists.oasis-open.org
>Subject: RE: [saml-dev] InterOp Scenario Extensions draft-01
>Date: Fri, 10 May 2002 17:58:44 -0400
>Is there closure on the proposed scenario? I am not sure
>I follow exactly what is being proposed here. A re-spin would
>be helpful, I could then add it to the official demo. doc.
>- prateek
>-----Original Message-----
>From: Andy Fetterer [mailto:afetterer@crosslogix.com]
>Sent: Thursday, May 09, 2002 12:56 PM
>To: 'Bhavna Bhatnagar'; saml-dev@lists.oasis-open.org; Andy Fetterer
>Subject: RE: [saml-dev] InterOp Scenario Extensions draft-01
>Bhavna / Scott - 
>Thanks for reviewing the document and making suggestions. 
>In terms of how the attribute assertion is passed to the authorization
>authority, would the third proposal make the most sense?  I don't think that
>the expiration range would have to be unreasonably long.  
>I intended for the attribute to be required as part of the authorization
>query (e.g. the receiver must be able to process it), but its use in
>determining the response to the query was not required.  My concern was that
>not all authorization authorities would be able to support external
>attributes but I agree that the requirement I wrote can be strengthened.
>That being said, should we require that the attribute be used in evaluation
>or not pass the attribute as part of the query?  I would prefer to use the
>attribute since it presents a stronger demonstration of interoperability
>between systems but would like to hear from the sub-group working on the
>authorization queries.
>-----Original Message----- 
>From: Bhavna Bhatnagar [mailto:bhavna.bhatnagar@sun.com]
>Sent: Thursday, May 09, 2002 8:49 AM 
>To: saml-dev@lists.oasis-open.org; afetterer@crosslogix.com 
>Subject: Re: [saml-dev] 
>Thanks for writing this up. I have a few comments/suggestions embedded. Not
>if all can access the doc, since I edited it in staroffice. Here is 
>the text I have embedded: 
>As part of the original specification by Prateek what comes as the SSO
>during SSO has an authentication statement and the attribute statement
>the MembershipLevel attribute. Since there is no separate attribute
>coming down as part of the SSO, one would have to either: 
>1. Make an attribute query to the AA, and on receiving the attribute
>use that as Evidence when making the proposed Authz query. (this does not
>sense since the receiver of the SSO assertion already has the attribute 
>2. Create an attribute assertion from the attribute statement received as
>of the SSO Assertion and use that as Evidence. (don't think this is SOAP
>though, someone please confirm) 
>3. Use the same SSO Assertion as received during the SSO, which also holds
>attribute statement as the Evidence, but then this may have expired. We
>keep the expiration range to be long enough so that the assertion is alive
>the whole round trip demo. 
>If it's up to vendor to use/not use the attribute assertion, what's the point
>making it? 
>We need to refine this part to choose one of the 3 options or any other 
>alternatives. I think option 3 is more viable. 
>Thoughts? 
>>Date: Wed, 08 May 2002 12:43:56 -0700 
>>From: Andy Fetterer <afetterer@crosslogix.com> 
>>Subject: [saml-dev] 
>>To: saml-dev@lists.oasis-open.org 
>Bhavna Bhatnagar                                Sun Microsystems Inc.
>Identity Management group        __o 
>Tel: 408-276-3591              _`\<,_   
>                              (*)/ (*) 
> ________________________________________________________________________ 

Bhavna Bhatnagar                		Sun Microsystems Inc.		 
Identity Management group	 __o
Tel: 408-276-3591              _`\<,_	
                              (*)/ (*)
