OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: Request for clarification


Title: RE: Request for clarification

Thanks
Shirley

-----Original Message-----
From: RL 'Bob' Morgan [mailto:rlmorgan@washington.edu]
Sent: Thursday, July 26, 2001 4:32 PM
To: Kawamoto, Shirley
Cc: OASIS Security Services TC
Subject: RE: Request for clarification



> I'm a little confused about your description. It sounded to me as
> though you were saying that the Credentials Assertion is still being
> handled by SAML only by a different sub group. On the other hand, it
> sounds as though the actual authentication sequence is outside of
> SAML.  Could you please clarify?

My impression of the situation is that a majority of the committee is of
the opinion that standardizing the part of the domain model that deals
with the Credentials Collector, its interaction with a client, and its
interaction with other Authorities (in particular the Authentication
Authority) is not needed for SAML 1.0.  Their arguments are (more or less)
that this area has lots of authentication-method-specific messiness to it
that would make it difficult to complete, and that there is not a strong
requirement for SAML-specified interoperability because
credentials-handling functions are handled well enough already by other
existing protocols (eg LDAP, RADIUS, Kerberos, SSL, etc).

The subgroup that Hal mentions feels that there is a strong
interoperability requirement for SAML to meet, and that a reasonable
proposal can be produced and agreed to.  They were encouraged to develop
this and submit it to the committee but to my knowledge have not done so.

 - RL "Bob"



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC