security-services message

Subject: [security-services] [Fwd: Some Potential Future SAML Features for YourConsideration]

From: Jeff Hodges <Jeff.Hodges@sun.com>
To: oasis sstc <security-services@lists.oasis-open.org>
Date: Tue, 30 Apr 2002 09:43:47 -0700

Here's the raw list I mentioned on the call today. We should step through this
list and categorize the items into categories such as..

 * new profile of SAML
 * new use-case of SAML
 * new SAML feature
 (other categories?)

of course all the items we brainstormed on the call should also be so
categorized.

thanks,


JeffH

--- Begin Message ---

From: James Kobielus <jkobielus@burtongroup.com>
To: "'Jeff.Hodges@sun.com'" <Jeff.Hodges@Sun.COM>
Date: Wed, 3 Apr 2002 13:44:07 -0700

Jeff:

As promised, here's the preliminary list of potential future SAML features,
as identified through discussions with various members of the OASIS SSTC:

*	SOAP SAML profile
*	Encryption of SAML assertions via XML Encryption
*	SAML explicit reference to XACML policy-definition language
*	SAML implementation guidelines and implementation profiles/subsets
*	SAML use-case and profiles for authorization service 
*	SAML use-case and profiles for application-to-application, B2B, and
back-office transactions
*	SAML use-case for multilevel access controls
*	SAML use-case for multi-participant transactional workflows
*	SAML credentials collector and credentials assertions
*	SAML session authority, session assertions, and dynamic
session-management (login/logout) mechanisms that operate across domains
*	Definition of core/baseline assertion attributes (e.g., roles) that
can be understood, by default, among federated SAML domains
*	Hierarchical delegation of privileges among federated attribute
authorities 
*	Mechanisms for SAML-enabled servers to define mutual trust
relationships and authenticate each other
*	Mechanisms for caching or storing SAML assertions persistently at
two or more federated sites
*	Standard language for expressing role-based access controls enforced
by infrastructure servers
*	Standard language for expressing security processing workflow
definitions enforced by trusted servers
*	Assurance levels for authentication contexts associated with various
SAML authentication assertions
*	Privacy and anonymity features such as defined under Shibboleth
(e.g., attribute release policies, attribute acceptance policies, "where are
you from?"/handler service)
*	Support for Passport and Liberty Alliance authentication and subject
confirmation methods in SAML
*	SAML site/service/profile/binding discovery through integration with
UDDI, WSDL, and DNS/SRV RR
*	SAML integration of ebXML Message Service Specification (MSS)
extensions to SOAP 1.1 for reliable, guaranteed messaging
*	SAML support for wireless browser profiles over WAP/WSP/WTP/WTLS

Jim

James Kobielus
Senior Analyst
		Burton Group
6006 John Roccato Court
		Alexandria VA 22310
		703-924-6224 (phone and fax)
				USA Eastern timezone (GMT-5; Washington DC
area) 
www.burtongroup.com
"Driving Network Evolution"
		 Hope we see you at Burton Group's Catalyst 2002!
"Breakthroughs come from pressure and patience applied persistently over
time and obstacles."--jgk
"Success is just one long street fight."--Milton Berle

--- End Message ---