saml-dev message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: RE: [saml-dev] Which version to use?
- From: "Simon, Hank" <hank.simon@lmco.com>
- To: Jean-Noel Colin <jean-noel.colin@oxys.be>, saml-dev@lists.oasis-open.org
- Date: Mon, 18 Oct 2004 10:20:48 -0500
Jean-Noel -
My personal opinion is to build a modular approach with a
vendor that offers SAML. This will be SAML 1.1, but include in the bid and
design that migration to SAML 2.0 will be included in the architecture. Even
though SAML 2.0 is going to be ratified, I don't think it will be fully
supported until mid-2005. I think you requirements can be satisfied with SAML
1.1 and a security rules engine for authorization and policy
enforcement.
- Hank
Hello,
We are in the process of defining a Federated Identity Management framework
for a large European research project. Our idea is to rely on SAML to develop
our model and implementation. The question today is: which version to use? 1.1
or 2.0?
Our need are the following:
- the environment is made of eLearning environments (E), through which users
(U) access services (S) external to those E.
- one U is linked to a particular E
- S has to make sure that invoking U has been properly authenticated by
their environment, and is authorized
- S may be chained: S may invoke another S
- all exchanges are based on Web Services
I would be in favor of SAML 2.0, as it seems that the specification are
quite stable now, and ready to be approved as a standard, after the public
review phase.
What would be your recommendation?
Thanks for your help
Jean-Noel Colin
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]