OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: [bindings] w.r.t. "two types of binding"

"Mishra, Prateek" wrote:
> 
> (1) I am comfortable with your characterization of "protocol
> binding" and the proposed use of the term "protocol binding" within
> the bindings doc.

Great. 

> (2) I am not quite so convinced about the term "service binding".

I apologize if I wasn't clear. I didn't mean to actually propose that we
use the term "service binding". I personally don't think it's usage is
well-established in practice, and that the practice that ~is~ apparently
emerging (in the context of ebXML and WSDL) is different than the sense in which
we're discussing apps (or whatever) making use of (portions of) SAML
(specifically: SAML Assertions). 


> The term "SAML Profile for XXXX" ... has a better sound to me (text 
> following suggestion 2). 

Super. Though, in looking at the example uses of "profile" that I cited in my
prior msg in this thread (RFCs 2222, 2459), it seems to me that one who's making
use of *SAML assertions* in some context ("Foo", say, and whether or not there
is some associated "Foo Protocol") would say things like..

  "We've specified the Foo profile of SAML."
  "Foo profiles SAML in order to..."
  "In the Foo SAML profile, we..."

This is subtlely different than the way you put it above. 


> But I have to say that I am puzzled by its use
> in the current context. The standard meaning of profile is:
> 
>         "a representation of something in outline;"
> OR
>      "an outline seen or represented in sharp relief"
> 
> (Merriam-Webster: http://www.m-w.com/cgi-bin/dictionary)
> 
> How does that correspond to the notion of calling out detailed rules
> for adding SAML assertions to some protocol or framework? Does
> the word have a specialized meaning in security or computer science?

It seems to me from what all I can dig up that this particular usage of
"profile" is emerging in the "protocol specification" space, tho I wouldn't be
surprised if it has been used in this or similar senses in CS research or
industry for a long time.

thanks,

JeffH

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC