Subject: [security-conform] discussion of conformance clause
-----Original Message-----
From: Krishna Sankar [mailto:ksankar@cisco.com]
Sent: Sunday, October 28, 2001 8:38 PM
To: Eve L. Maler; Robert Griffin
Cc: 'jacques'; Robert Griffin; security-conform@lists.oasis-open.org;
lynne.rosenthal@nist.gov; mark.skall@nist.gov
Subject: RE: [security-conform] RE: Conformance Clause samples?
Hi,
A couple of quick answers:
|
| - I don't think we should get into describing the certification option
| until such time as someone signs up to actually do certification. We're
| not committed to this ourselves, are we?
|
<KS>
Nope. Certification Authority is outside OASIS's charter, as I knew of it
a couple of months ago. I think it pertains more to legal/liability issues
than anything else.
</KS>
| - I think we can't use "profile" for partition. Partition is
| okay, but if the list of "things" you can be contains only authority
| types, maybe we should just call it that.
<KS>
I like authority types better than Partition. Profile is the best word, but
we deferred it to the bindings group :o(
</KS>
|
| - On the subject of authority types, if a system "produces" SAML
| requests, does it have a name? Does that name need to be listed as a
| "partition" option? In other words, does producer/consumer only refer to
| assertions, or are requests and responses covered as well?
<KS>
Consumer includes the request as well. But I think it would be a good idea
to state that. Will do.
</KS>
|
| - Is an authorization authority the same thing as a PDP?
|
<KS>
Yep. The authorities need to be rationalized with the current spec.
</KS>
| - We haven't normatively defined session authorities yet, have we?
|
<KS>
Nope.
</KS>
| - Why do the matrices actually have "y" filled out in them? The
| conformance of a particular system would have a pattern of "y"
| and "n", right?
|
<KS>
Yep. The matrix would be filled in by the potential vendor, with Y or N as
supported by their implementation.
</KS>
| - What if you just use SAML assertions in a particular profile with some
| request/response protocol of your own devising, i.e. without using the SAML
| request/response structure? Is this covered somehow in the matrices? (Oh,
| wait. Is this the same as Section 2 item #1?)
|
<KS>
Yep. But this is still a question. The producer and consumer have to do
request or response as specified by the bindings. (We need to think through
this.)
</KS>
| - Sections 1.1.2 and 1.1.3 are excellent stuff. Note that many of the
| occurrences of "can" probably want to be "may".
|
<KS>
Can you help us with the "CAN"s and "MAY"s?
</KS>
| - Regarding Section 2 item #3, I think the granularity should be at the
| partition level if we can manage it.
|
<KS>
yep.
</KS>
| If I'm poking at the right kinds of things, I'd be happy to try
| to sketch some wording to match them.
|
<KS>
Good. Would appreciate any and all words.
</KS>
| Eve
|
| At 09:29 AM 10/28/01 -0500, Robert Griffin wrote:
|
| >hi Jacques -
| >
| >I've attached the current SAML Conformance Clause (this is included in the
| >larger SAML Specification) and the Conformance Program Spec (which remains
| >a separate document). Both are incomplete (the Program Spec especially),
| >while we work towards nailing down the details of the SAML spec. But
| >they'll give you at least an idea of what we're driving toward.
| >
| >regards,
| >
| >bob
| >
| >
| >-----Original Message-----
| >From: jacques [mailto:jacques@savvion.com]
| >Sent: Friday, October 26, 2001 9:49 PM
| >To: Robert.Griffin@entrust.com
| >Cc: jacques@savvion.com
| >Subject: Conformance Clause samples?
| >
| >Hi Robert:
| >
| >Lynne R. forwarded me to you for getting some suggestions and samples of
| >conformance Clause, as we are currently drafting conformance clauses for
| >ebXML specs. I just would like to see the kind of wording and issues
| >addressed in the conf clause of some other specs, how levels / profiles
| >are defined, etc. (already got some of this in Security Service Markup
| >Language spec. Any other document I could look at? I have the OASIS
| >requirement guidelines too.)
| >
| >Thanks,
| >
| >Jacques Durand
| > Savvion,
| > Chair of the Conformance Clause working group
| > in the ebXML Interop., Implementation and Conformance (IIC) committee.
| >
| >
|
| --
| Eve Maler +1 781 442 3190
| Sun Microsystems XML Technology Center eve.maler @ sun.com
|
|
| ----------------------------------------------------------------
| To subscribe or unsubscribe from this elist use the subscription
| manager: <http://lists.oasis-open.org/ob/adm.pl>
|