RE: [security-services] Groups - saml2-lecp.pdf uploaded

[<Timo.Skytta@nokia.com>]

Anthony,

Again, I can only speak on behalf of the mobile folks.

>Instead of starting with the technology, can I get the 
>requirement and the scenario that drove you to submit this ? I realize that this 
>is not "over an existing" profile, what I wanted to say was, "Why is the LEC Profile
>needed" which goes back to the requirement and scenarios.

The scenario was simple: How to make Federated SSO to work with existing installed
base of mobile internet enabled terminals. There is a large number of them, by the way :-).

Most of that installed base has limitations when it comes to URL-lengths, use of cookies
etc.. and the optimization of air time use and roundtrips over the air to the terminal was 
another major concern.

None of the existing SAML 1.0 profiles worked reliably enough with the installed base, or
were good enough in terms of the use of air time (to the terminal).

This conclusion by they way, is not based on a theoretical exercise, but is based on quite
an extensive testing and piloting of several Mobile members of Liberty.

The other major, generic problem LECP solves is how to find an IDP for a specific
end user.... In enterprise you can assume things, in internet, in general, not. LECP will know 
the IDPs for an end user.

I would like to turn around and ask you:

Tell me why and based on what exact information you think the current SAML 1.0/1.1
profiles will work for the mobile community.

-Timo