OASIS Mailing List Archives

saml-dev message



Subject: Re: [saml-dev] Subject confirmation.


That's not what "confirm" means. It means "be associated with for
the purposes of some profile"
So the profile defines the semantics. It's like the small print in a contract. If entities are contractually associated via some profile then the semantics are really important, especially considering SAML's banking pedigree. That's why I asked about the legal aspects of profiles. Perhaps John has views on this?

I have no idea what legal aspects might be involved in profiles, privacy and security but I just twitch a bit when a word I know so well in everyday life (confirm) can mean something completely different when my bank is using a profile upon which I am internet banking.

So there *must* be a clear definition of terms used within a profile when the profile spec is published, otherwise adopters of that profile are signing up for one thing but getting something completely different (potentially). Hence the legal stuff. I'm getting lost in legalese now... I'm off to get ready for jasig!

Alistair



On 29 Nov 2005, at 23:53, Scott Cantor wrote:

"The holder of the key named "By-Tor" or the holder of the key named "Snow
Dog" can confirm itself as the subject".


That's why I thought "proxy" as whatever entity has one of those keys may
or may not "be" the subject (confirm itself as the subject).

That's not what "confirm" means, though. It means "be associated with for
the purposes of some profile", at least that's always been my take.


In Web SSO, there's no notion but bearer and equality. Since there are no
other profiles...


So it seems that the SAML semantics are open to interpretation depending
on what profile is in use. They're context sensitive. By defining a new
profile you can redefine the semantics but within the global SAML core
context.

SAML core (and bindings) are really the only things you can't change via
profile. By definition, profiles are what define the complete set of
semantics, and that's their purpose.


Just out of interest, was there any legal input to the SAML specs?

None I know of. Nor of most other specs, I'd imagine. Is that a bad thing?


-- Scott



