OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: What shall we name our specification(s)?

Yes, but I thought that since we're designing
more than just a ML (e.g. we're attributing it with
protocol semantics) that the "ML" in the name was 
too constraining.

SAXP or Security Assertion eXchange Protocol would be
closer to what we're about, IMHO.

Of course, this name omits the "Service" aspect
which is, I believe, one of the compelling aspects
of all of this work. Defining an interoperable service
"interface" (the Auth/Az Request/Response pairs) is as important
an aspect as the exchange of the assertions themselves
as it will allow for the development/migration of applications
that can delegate these (Auth o/e) functions to a blankety-blank 
compliant service provider.

Maybe Security Assertion Service and eXchange Protocol

My $0.02,


George_Robert_Blakley_III@tivoli.com wrote:
> I second Marc's nomination here (in fact I think I suggested the same
> thing).  I think "SAML" is the most descriptive
> and accurately-scoped alternative.
> --bob
> Bob Blakley
> Chief Scientist, Security
> Tivoli Systems, Inc.
> "Chanliau, Marc" <MChanliau@netegrity.com> on 01/29/2001 03:56:11 PM
> To:   "Orchard, David" <dorchard@jamcracker.com>, Philip Hallam-Baker
>       <pbaker@verisign.com>, "'Eve Maler'" <eve.maler@east.sun.com>,
>       security-services@lists.oasis-open.org
> cc:
> Subject:  RE: What shall we name our specification(s)?
> How  about SAML (Security Assertion Markup  Language).
> Marc Chanliau
> -----Original Message-----
> From: Orchard, David  [mailto:dorchard@jamcracker.com]
> Sent: Monday, January 29, 2001 4:44  PM
> To: Philip Hallam-Baker; 'Eve Maler';
> security-services@lists.oasis-open.org
> Subject: RE: What shall we  name our specification(s)?
> I  know you are keen on getting the focus on authorization, but I'm not too
> interested in dropping authentication and keeping authorization.  Either
> authent +author, or neither would be my interest.
> Dave
> -----Original Message-----
> From: Philip Hallam-Baker  [mailto:pbaker@verisign.com]
> Sent: Monday, January 29, 2001 12:23  PM
> To: 'Eve Maler';  security-services@lists.oasis-open.org
> Subject: RE: What shall we  name our specification(s)?
> My  objection to A2ML was that specifying Authentication in the name to me
> implies that we would be supporting authenticated key exchange, which is
> something I don't want to do in an OASIS group, that is something I would
> prefer to do in a closed group of cryptographers and network security
> protocol engineers.
> On  the other hand "Authorization Assertion Markup Language" would have the
> initials A2ML, thus indicating the warm touchy feely get together vibes
> people want, being clearly a descendent of S2ML and Auth XML (whose current
> voting success I take note of).
> Does anyone else have definite feelings towards the  binding of the second
> A?
>          Phill
org:Sun Microsystems, Inc;XML Technology Development
adr:;;One Network Drive;Burlington;Ma;01824-0903;USA
title:Sr. Staff Engineer
fn:Christopher Ferris

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC