Subject: RE: [saml-dev] RE: [security-services] Points to Make to the Press About the Interop (and SAML generally)

I am not sure specifically what you are referring to. Can you cite a document section?
The interOp document describes a set of flows and uses a set of terms to explain them. We need to get these terms in front of the press so that they have something concrete they can connect to. The latest version of the interOp document is:


I know what the document is, I asked what section you mean. Specifically, section 1.7 is titled "Supported Flows", but I don't think it is what you mean.



>Most press people actually have only a modest idea what the concept of federation
>actually means in
>a practical way. I will add some slides to the current presentation so as to illustrate
>the concept in some detail.

Actually my point on Federated Identity is not actually a part of the demonstration, since for any given session, there is only one Attribute Authority.

I disagree. There are two authorities involved in the flow --- the "portal" and the "content site" --- and the session is determined by a collaboration between these two. I would strongly argue that this is an example of federation between the two parties.

Perhaps this is an area we will just disagree on, but let me try to state it differently. What the demo does can be done and is being done today by products such as Site Minder and AssureAccess. What is new is the ability to mix vendors. Federated Identity as it is being used in the press to refer to things like Passport vs. Liberty means what I said. 

The point I was trying to make, put in baldest terms, is this: Microsoft proposed that everybody give them all their information, which they would hold in one place and thus make it much more convenient to use the Internet. The world rejected this approach for a variety of reasons and not just because it was Microsoft. It is now largely agreed that it is neither desirable nor necessary to move all user information to one spot, if there is a technical means to communicate that information to interested parties. SAML provides that means and has encompassed this idea in its Domain Model since the very beginning.

Hal, this is all excellent stuff, but it primarily makes sense to security architects, not to press people. I want to be very clear that I view your comments as very important, but I also want to make sure that the precise flows illustrated in the demos are drilled into the minds of the press people.

Here we are 180 degrees apart. The press is not going to be interested in whether the artifact flows to the application or the assertions are delivered via SNA. What the press wants to know is: whose world view is winning? Is the world going to be one where one party or a small number hold all the cards, or is it a Federation of equals with distributed controls? Is it the (now rejected) Hailstorm view of the world or the Project Liberty view of the world?

The way I describe this in public is that today, my doctor knows certain things about me, my broker knows other things about me and my mechanic knows still other things about me. Each of them is the best person to hold that information and make sure it is kept up to date. There is no need to drag all that information to a central point and then try to somehow keep it accurate. The only reason for doing that (other than business advantages to the keeper of the repository) would be if it were the only way to make use of that information. However, with SAML we have the means to distribute the information from those who maintain it to those who need it. 


