OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Status of SAML drafts

I've nearly finished with core and bindings, and my goal is to get these 
two, plus the glossary, out to the list by COB today in "candidate last 
call working draft" form.  I will try to get the others out by Monday 
night (they just have edits -- no outstanding Es or PEs, as far as I 
know).  Today I will also send a E/PE status roundup to Jahan.

There are a number of items that I'm saving up to discuss on our Tuesday 
call, in addition to the other known outstanding issues.  Here's an 
advance list:

- Are the front-page contributor lists on each spec complete and 
accurate?  Please send me any corrections (e.g., to affiliations) and 
additions.  Basically, if you've joined the TC since 1.0 and/or have 
contributed significant comments to a spec, you should be mentioned here.

- For the acknowledgments page in the back of each spec, can I get an 
updated membership list from Steve Anderson to use?  Basically, this is 
just a membership list, nothing more.

- (This one is probably for me and Scott to work out:) In many places, 
we talk about xsi:type being REQUIRED with abstract types.  But an 
alternative is to derive a new non-abstract type and then bind the type 
to a foreign element.  Doesn't this do away with the need for xsi:type?

- In the core spec, Section 7.2.3, GET/HEAD/PUT/POST semantics are 
defined by fuzzy reference to "HTTP".  Should we add a bibliographic 
reference to [RFC2616] (HTTP 1.1) or [RFC1945] (HTTP 1.0) or both, or 
just leave it alone?

- In the bindings spec, we say we'll register/publish any profiles that 
are sent to us.  Now that Liberty 1.1 has been offered, we have had some 
profiles sent to us (though they're also extensions, not just new 
profiles).  Should we register/publish them on the website?  If so, 
should they be listed here as "known to us at the time of writing" 
profiles?  Are there any other external profiles we should consider 
treating this way?

- Now that the WSS TC has adopted our SAML SOAP profile work (as the 
SAML security token profile of WSS), should we give it a mention and a 
bibliographic reference in the introduction to Section 4 of the bindings 

- The final few chapters of the bindings spec seem really out of order. 
  I'd like to move them from this -- 7 References, 8 URL Size 
Restriction (Non-Normative), 9 Alternative SAML Artifact Format -- to 
this -- 7 Alternative SAML Artifact Format, 8 URL Size Restriction 
(Non-Normative), 9 References.  Comments?  If I have from a few people 
today that this is good, and hear from no one that it's bad, then I'll 
implement it in today's draft.

That's it for now...

Eve Maler                                        +1 781 442 3190
Sun Microsystems                            cell +1 781 354 9441
Web Technologies and Standards               eve.maler @ sun.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]