Subject: wrt vote on SAML spec set? (was: Re: [security-services] sstc website updated)
Hi Don --

Good question thanks -- I'll copy security-services to help spread the word here.

the schedule was in Karl's review announcement msg..

> The review will take place from 1 July to 30
> September 2002, and I will call for a vote on 1 October 2002; each
> OASIS member organization will have a single vote on the ballot.

[OASIS members] SAML Committee Specification for consideration as OASIS Standard
http://lists.oasis-open.org/archives/members/200207/msg00001.html

(also attached below)

..so the voting period begins next week!

JeffH

> -------- Original Message --------
> Subject: [OASIS members] SAML Committee Specification for consideration as OASIS Standard
> Date: Mon, 01 Jul 2002 08:27:10 -0400
> From: "Karl F. Best" <karl.best@oasis-open.org>
> To: members@lists.oasis-open.org, tc-announce@lists.oasis-open.org
>
> OASIS members:
>
> The OASIS Security Services TC has submitted the SAML V1.0
> specification, which is an approved Committee Specification, for
> review and consideration for approval by OASIS members to become an
> OASIS Standard. In accordance with Section 2 of the OASIS Technical
> Process (see http://www.oasis-open.org/committees/process.shtml#sec2),
> OASIS members have one calendar quarter to review this submission then
> 30 days for voting. The review will take place from 1 July to 30
> September 2002, and I will call for a vote on 1 October 2002; each
> OASIS member organization will have a single vote on the ballot.
>
> During the member review period comments may be sent to the TC via the
> TC's comment list at security-services-comment@lists.oasis-open.org.
> You must subscribe to the list first before posting; go to
> http://lists.oasis-open.org/ob/adm.pl
>
> The OASIS TC has supplied the following required items for OASIS
> members to review:
>
> ------------
>
> As a result of a unanimous vote of the Security Services Technical
> Committee conducted on Tuesday 28 May 2002, the TC co-chairs hereby
> submit the SAML 1.0 specification for consideration as an OASIS
> Standard.
>
> Pursuant to the process stipulated in Section 2 of the OASIS Technical
> Committee Policy, the TC has published:
>
> (a) A formal specification that is a valid member of its type.
> (b) Appropriate documentation for the specification.
>
> This material, in the currently recommended OASIS format, is available
> on the TC web site at
> http://www.oasis-open.org/committees/security/#documents
>
> These are the normative documents related to the specification.
>
> * Assertions and Protocol
> http://www.oasis-open.org/committees/security/docs/cs-sstc-core-01.pdf
>
> * Assertion Schema
> http://www.oasis-open.org/committees/security/docs/cs-sstc-schema-assertion-01.xsd
>
> * Protocol Schema
> http://www.oasis-open.org/committees/security/docs/cs-sstc-schema-protocol-01.xsd
>
> * Bindings and Profiles
> http://www.oasis-open.org/committees/security/docs/cs-sstc-bindings-01.pdf
>
> * Conformance Program Specification
> http://www.oasis-open.org/committees/security/docs/cs-sstc-conform-01.pdf
>
> * Glossary
> http://www.oasis-open.org/committees/security/docs/cs-sstc-glossary-01.pdf
>
>
> Non-normative information related to the specification:
>
> * Security and Privacy Considerations
> http://www.oasis-open.org/committees/security/docs/cs-sstc-sec-consider-01.pdf
>
> * Open issues summary document
> http://www.oasis-open.org/committees/security/docs/draft-sstc-saml-issues-status-06.pdf
>
> * Issues list
> http://www.oasis-open.org/committees/security/docs/draft-sstc-saml-issues-12.pdf
>
> * Errata document describing changes from the 00 to the 01 revision
> http://www.oasis-open.org/committees/security/docs/draft-sstc-cs-errata-04.pdf
>
>
>
> (c) A clear English-language summary of the specification.
>
> The Security Assertion Markup Language (SAML) is an XML-based
> framework for exchanging security information. This security
> information is expressed in the form of assertions about subjects,
> where a subject is an entity (either human or computer) that has an
> identity in some security domain. A typical example of a subject is a
> person, identified by his or her email address in a particular
> Internet DNS domain.
>
> Assertions can convey information about authentication acts performed
> by subjects, attributes of subjects, and authorization decisions about
> whether subjects are allowed to access certain resources. Assertions
> are represented as XML constructs and have a nested structure, whereby
> a single assertion might contain several different internal statements
> about authentication, authorization, and attributes. Note that
> assertions containing authentication statements merely describe acts
> of authentication that happened previously.
>
> Assertions are issued by SAML authorities, namely, authentication
> authorities, attribute authorities, and policy decision points. SAML
> defines a protocol by which clients can request assertions from SAML
> authorities and get a response from them. This protocol, consisting of
> XML-based request and response message formats, can be bound to many
> different underlying communications and transport protocols; SAML
> currently defines one binding, to SOAP over HTTP.
>
> SAML may be profiled to enable Single Sign-On (SSO), the ability of a
> user to authenticate in one domain and use resources in other domains
> without re-authenticating. The SAML specifications define two Web
> Browser SSO Profiles. However, note that SAML can be profiled to
> support various non-SSO-specific usage scenarios, such as in
> authorization systems.
>
>
> (d) Certifications of implementation
>
> The chairs are pleased to report that more than 10 companies have
> provided attestations of implementation and use for SAML 1.0. As SAML
> 1.0 conformance allows for modular implementation of the
> specification, the committee has determined that each aspect of the
> specification has been implemented by at least 5 companies. All
> implementers have been made aware of IPR claims regarding the
> specification and insofar as any processes have been established for
> complying with these claims, each implementer believes they have taken
> adequate steps to comply with any such rights, or claimed rights.
>
> A complete list of attestations from implementers are available in the
> Security Services TC e-mail archives. The following representative
> list of attestations of implementation and acknowledgment of IPR
> claims satisfies the OASIS requirement for submitting a specification
> for review:
>
> Sun Microsystems
> http://lists.oasis-open.org/archives/security-services/200205/msg00040.html
> http://lists.oasis-open.org/archives/security-services/200206/msg00021.html
>
> Oblix
> http://lists.oasis-open.org/archives/security-services/200205/msg00045.html
> http://lists.oasis-open.org/archives/security-services/200206/msg00019.html
>
> Quadrasis
> http://lists.oasis-open.org/archives/security-services/200205/msg00038.html
> http://lists.oasis-open.org/archives/security-services/200206/msg00029.html
>
> CrossLogix
> http://lists.oasis-open.org/archives/security-services/200205/msg00037.html
> http://lists.oasis-open.org/archives/security-services/200206/msg00026.html
>
> Entrust
> http://lists.oasis-open.org/archives/security-services/200205/msg00074.html
> http://lists.oasis-open.org/archives/security-services/200206/msg00027.html
>
> Internet2
> http://lists.oasis-open.org/archives/security-services/200205/msg00030.html
> http://lists.oasis-open.org/archives/security-services/200206/msg00028.html
>
> Novell
> http://lists.oasis-open.org/archives/security-services/200206/msg00000.html
> http://lists.oasis-open.org/archives/security-services/200206/msg00030.html
>
> Sigaba
> http://lists.oasis-open.org/archives/security-services/200205/msg00043.html
> http://lists.oasis-open.org/archives/security-services/200206/msg00031.html
>
> Baltimore
> http://lists.oasis-open.org/archives/security-services/200205/msg00042.html
> http://lists.oasis-open.org/archives/security-services/200206/msg00033.html
>
>
> (e) History of previous OASIS standardization attempts.
>
> There have been no past attempts to submit SAML for OASIS
> standardization.
>
> (f) Publicly visible comments archive.
>
> The Security Services TC comment archive can be found at
> http://lists.oasis-open.org/archives/security-services-comment/
>
> (g) OASIS IPR policy statement.
>
> The chairs certify that all members of the TC have been provided with
> a copy of the OASIS IPR policy.
>
>
> Respectfully submitted,
>
> Joe Pato & Jeff Hodges
> Co-Chairs OASIS Security Services TC
>
>
> </karl>
> =================================================================
> Karl F. Best
> OASIS - Director, Technical Operations
> +1 978.667.5115 x206
> karl.best@oasis-open.org http://www.oasis-open.org