OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [security-services] [Fwd: Some Potential Future SAML Features for YourConsideration]

Here's the raw list I mentioned on the call today. We should step through this
list and categorize the items into categories such as..

 * new profile of SAML
 * new use-case of SAML
 * new SAML feature
 (other categories?)

of course all the items we brainstormed on the call should also be so


--- Begin Message ---

As promised, here's the preliminary list of potential future SAML features,
as identified through discussions with various members of the OASIS SSTC:

*	SOAP SAML profile
*	Encryption of SAML assertions via XML Encryption
*	SAML explicit reference to XACML policy-definition language
*	SAML implementation guidelines and implementation profiles/subsets
*	SAML use-case and profiles for authorization service 
*	SAML use-case and profiles for application-to-application, B2B, and
back-office transactions
*	SAML use-case for multilevel access controls
*	SAML use-case for multi-participant transactional workflows
*	SAML credentials collector and credentials assertions
*	SAML session authority, session assertions, and dynamic
session-management (login/logout) mechanisms that operate across domains
*	Definition of core/baseline assertion attributes (e.g., roles) that
can be understood, by default, among federated SAML domains
*	Hierarchical delegation of privileges among federated attribute
*	Mechanisms for SAML-enabled servers to define mutual trust
relationships and authenticate each other
*	Mechanisms for caching or storing SAML assertions persistently at
two or more federated sites
*	Standard language for expressing role-based access controls enforced
by infrastructure servers
*	Standard language for expressing security processing workflow
definitions enforced by trusted servers
*	Assurance levels for authentication contexts associated with various
SAML authentication assertions
*	Privacy and anonymity features such as defined under Shibboleth
(e.g., attribute release policies, attribute acceptance policies, "where are
you from?"/handler service)
*	Support for Passport and Liberty Alliance authentication and subject
confirmation methods in SAML
*	SAML site/service/profile/binding discovery through integration with
*	SAML integration of ebXML Message Service Specification (MSS)
extensions to SOAP 1.1 for reliable, guaranteed messaging
*	SAML support for wireless browser profiles over WAP/WSP/WTP/WTLS


James Kobielus
Senior Analyst
		Burton Group
6006 John Roccato Court
		Alexandria VA 22310
		703-924-6224 (phone and fax)
				USA Eastern timezone (GMT-5; Washington DC
"Driving Network Evolution"
		 Hope we see you at Burton Group's Catalyst 2002!
"Breakthroughs come from pressure and patience applied persistently over
time and obstacles."--jgk
"Success is just one long street fight."--Milton Berle 

--- End Message ---

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC