OASIS Mailing List Archives

 



security-services message



Subject: Suggested addition to core-19.doc, sec. 1.3.2.2



The text in section 1.3.2.2 of core-19.doc is a bit clearer (or more
vague?) on the use of NameIdentifier than I realized. It currently says:

"The interpretation of the security domain and the name are left to
individual implementations."

I suggest this wording:

"The interpretation of the security domain and the name are left to
individual implementations, including issues of anonymity, pseudonymity,
and the persistence of the identifier with respect to the asserting and
relying parties."

The reasoning for this is to call out a few issues in the
use/interpretation of names, in a generic sense, so that it's clear that
nothing in NameIdentifier communicates those semantics in-band. With
respect to "championing anonymity as a use case," it's demonstrably
possible to encode lots of different kinds of "names" inside
NameIdentifier, and this is intended to say "SAML says to do whatever
you want."

--------
  Scott Cantor               So long, and thanks for all the fish.
  cantor.2@osu.edu                  -- Douglas Adams, 1952-2001
  Office of Info Tech        PGP KeyID   F22E 64BB 7D0D 0907 837E
  The Ohio State Univ        0x779BE2CE  6137 D0BE 1EFA 779B E2CE


