
security-services message



Subject: Re: Removal of Requesters - RE: [security-services] Minutes for focus group, Tuesday 12 Mar 2002



I object to both the process and result of this item. I dropped off the concall at the end of the official session, under the assumption that NO OFFICIAL VOTE COULD BE TAKEN.

First of all, the requesters are in draft-sstc-conform-spec-11.doc so this is inconsistent with that.

Second, how is anybody using their responders without requesters?

Third, is it really the case that removing these three categories will help us achieve our statement of use? Are there really a bunch of people who are building responders, but not requesters? I would be very interested to understand the logic here. We, for example, do not intend to sell an AuthN Decision Requester, but we plan to build one for testing purposes.

Finally, a requester is much simpler than a responder. Only a few fields are required and errors can be reported by simply displaying them to the user. At one point last summer there was talk of an open source implementation of an extremely simple requester. Even building an Apache Web Server Filter that made SAML requests would not be a big project. Don't we have any ambitious college students out there? Remember that companies claiming "use" can be using the same (public) implementation.

I guess if somebody tells me this will really help us meet the "use" goal sooner, I will shut up. But I do object in principle to the reversal of what I took as an official TC decision by a small group after the TC had adjourned.

Hal


> - referenced message:
>   <http://lists.oasis-open.org/archives/security-services/200202/msg00099.html>
> - Eve: mainly questioning the requestor lines, since it is a *user* of
>   a SAML authority, rather than the SAML authority
> - Scott: you won't have companies claiming usage of an authority
> - Jeff: if you implement the browser artifact profile consumer, you
>   seem to be implementing the first item
> - Scott: you've got to fulfill the contract of SSO
> - Rob: interpreted this differently, that it was useful to test the
>   generation of these requests
> - Scott: spirit of goal is to tell OASIS that "spec is in use"
> - Jeff: if it makes the job easier, and it meets the spirit of the
>   requirements of use, he's in favor of not mentioning unnecessary
>   lines
> - Jeff: are there objections to removing the first three lines?
> - no objections
> - Eve to resend to list without those lines
>


