
security-services message



Subject: RE: The Hal/David model


In the proposed model, I think that there's quite a lot of info represented
that is not part of SAML (at least as we speak), such as the objects called
"policy" and "other". Also, what is referred to as "ancillary processing"
(and the useless arrows) is mentioned as not being part of SAML, therefore
it should not need to be represented in the graphic either. On the other
hand, there's no mention of protocol and protocol binding in the graphic,
which is part of SAML (as we speak). I don't think the graphic represents a
"working architecture" as advertised, but rather a kind of workflow. Last
but not least, I do believe that credentials should be scoped in the SAML
spec, and I'm not sure what the status is on this.

Marc Chanliau

-----Original Message-----
From: Eve L. Maler [mailto:eve.maler@east.sun.com]
Sent: Monday, March 12, 2001 3:48 PM
To: security-services@lists.oasis-open.org
Cc: Darren Platt
Subject: Re: The Hal/David model


The graphic has been rendered into a number of different formats and given 
a "proper" filename.  The GIF version is now here (and you can find other 
versions there as well):

http://www.oasis-open.org/committees/security/docs/draft-moses-arch-model-00.gif

Sorry for any confusion,

         Eve

At 12:03 PM 3/9/01 -0500, Eve L. Maler wrote:
>People who attended F2F #1 will recall the diagram that Hal Lockhart drew
>up on the whiteboard.  It was something he and David Orchard came up with
>to help the use-case group settle on terminology and a rough model of the
>"things" we're discussing.  Fred Moses worked from his notes to create the
>following electronic version, which reflects a bit more of the discussion
>we had that day:
>
>    http://oasis-open.org/committees/security/docs/sstcach1.gif
>
>I'm sure we need more revisions to this diagram, but I would like to work
>towards consensus on the names for things and the relationships between
>them.  Please use this thread to discuss it, and we will take it up as a
>topic at the 20 March telecon.
>
>For starters:
>
>- On Tuesday, we discussed separating each box so that there's no hint of
>chronology.  This could mean, e.g., duplicating the "1" callout so that
>it's shown separately as the output of a credential collector and the input
>to an authentication authority.
>
>- I think the policy balloons should largely be in the "Not SAML" layer
>above.  Or is the XACML discussion precisely about whether some of these
>balloons should be in scope?  Can we give distinct names to the different
>types of policies?
>
>- What exactly do the input/output letters above refer to?
>
>- I think we *may* have consensus that the "SAML" box should cover more
>stuff to the left, e.g., it should cover the authentication
>authority.  Comments?
>
>- Do we have consensus that SAML should cover the PEP box?
>
>Thanks to Fred for making this version; I think Hal and David should now
>take up any revisions we ask for.
>
>         Eve

--
Eve Maler                                             +1 781 442 3190
Sun Microsystems XML Technology Development  eve.maler @ east.sun.com

