security-services message



Subject: [Issue] Should Bindings be the subject of Conformance


In most cases in adding issues to draft-sstc-saml-issues-05.doc I used text
provided by others. In a few cases, I added substantial new text which has
never been posted to the mailing list. As a courtesy to those who don't wish
to plow through the entire issues list, I am posting it retroactively.

Hal

ISSUE:[MS-3-01: BindingConformance]

Should protocol bindings be the subject of conformance? The bindings sub
group is defining both SAML Bindings and SAML Profiles. It has been proposed
that both of these would be the subject of independent conformance tests.

The following definitions have been proposed:

SAML Binding: SAML Request/Response Protocol messages are mapped onto
underlying communication protocols. (SOAP, BEEP)

SAML Profile: formats for combining assertions with other data objects.
These objects may be communicated between various system entities. This
might involve intermediate parties.

This suggests that a Profile is a complete specification of the SAML aspects
of some use case. It provides all the elements needed to implement a real
world scenario, including the semantics of the various SAML Assertions,
Requests and Responses. 

A Binding would simply specify how SAML Assertions, Requests and Responses
would be carried by some protocol. A Binding might be used as a building
block in one or more Profiles, or be used by itself to implement some use
case not covered by SAML. In the latter case, it would be necessary for the
parties involved to agree on all aspects of the use case not covered by the
Binding.

Thus conformance testing of Bindings might be undesirable for two related
reasons:

	The number of independent test scenarios is already large. It seems
undesirable to test something that does not solve a complete, real-world
problem.

	Parties would be able to claim "SAML Conformance" by conforming to a
Binding, although they would not be able to actually interoperate with
others in a practical situation, except by reference to a private agreement.
This would likely draw a negative response from end users and other
observers.

The advantages of testing the conformance of Bindings include:

	Simplifying testing procedures when a Binding is used in several
Profiles that a given party wishes to conform to.

	Allowing SAML to be used in scenarios not envisioned by the Profiles.

This was identified as F2F#3-2.

