OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Sesssions Concall Agenda


I am copying the general list in case anybody wants to comment.

1) What are the requirements?

I think we have the functional rqmnts down. We need to think about:

Robustness, do we need to worry about single point of failure, net
partition, etc?

Secureness, do we need: 1) bulletproof, 2) always stablizes within known
delay, 3) works except for certain system failures, 4) Advisory in nature,
works more often than not.

2 What do we produce?

Proposed answer:

Session Management Components (entities that send and receive session
messages)
Session messages, signicicant data fields, not necessarily format
Message flows and associated state transitions
Security Implications for RP
  How do I know if I have to worry about sessions?
  If yes, what do I have to do?

Of course, if anybody wants to fill in all the details, that's fine, but I
think this is the minimum to go forward with SAML 1.0 with any confidence.

3. Working method

Proposed Answer:

Somebody writes a short, simple draft and we poke holes in it. Using ITML as
a starting point is fine with me, but it needs to be stripped down, use std
terminology, take out Jamcracker refs, so the information stands out clearly

Hal


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC