OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] goal statement thread

Mishra, Prateek wrote:

> The goals of the SAML 2.0 effort include:
> (1) addressing issues that have arisen from experience with real-world SAML
> 1.0 and SAML 1.1 implementations,
> (2) expanding the scope of the SAML specification to address features such
> as identity 
> federation, session
> context, metadata exchange, authentication services, plus 
> specify new 
> SAML profiles that make use of them, such as B2B, A2A, back-office 
> profiles. 
> (3) addressing issues that have arisen from the development of other
> security specifications that make use of SAML 1.X, such as WS-Security and
> (4) incorporation of the Liberty Alliance ID-FF v1.1 and v1.2 
> specifications as foundation specifications.

People will notice that I played with this text a bit in the FAQ.  I was 
trying to fix a couple of problems I perceived:  Point #2 is too 
specific about profiles; we still have to go through a use-case 
acceptance phase for the non-ID-FF work items around this.  Also, points 
#2 and #4 seem to overlap a bit because of the Liberty connection of 
many of the new features.  And #1 and #2 are sort of similar in nature 
as well.

What do people think of this new formulation?  What's below is an update 
of the FAQ text.  The first goal is essentially about maturity and 
interoperability, and the second goal is about the natural feature arc 
of SAML.

The goals of the SAML 2.0 effort include:

o Addressing issues and enhancement requests that have arisen from 
experience with real-world SAML implementations and with standards 
architectures that use SAML, such as the OASIS WSS and XACML work.

o Adding support for features that were deferred from previous versions 
of SAML for schedule reasons, such as session support, the exchange of 
metadata to ensure more interoperable interactions, and collection of 
credentials.  This support will be based on the Liberty Alliance ID-FF 
V1.1 [and V1.2?] specifications that were contributed to the TC.

I think we need to make a decision on the official goal statement pretty 
soon, as the FAQ and other materials will want to use it.


p.s. Has *everyone* doublechecked with their OASIS voting rep about 
their SAML V1.1 vote being recorded?????

Eve Maler                                        +1 781 442 3190
Sun Microsystems                            cell +1 781 354 9441
Web Products, Technologies, and Standards    eve.maler @ sun.com
SunNetwork 2003 Conference and Pavilion  http://www.sun.com/sunnetwork
September 16-18, 2003                    Moscone Center, San Francisco
An unparalleled event in network computing! Make the net work for you!

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]