security-services message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Re: [security-services] Proposed Charter Update
- From: "Conor P. Cahill" <concahill@aol.com>
- To: "Anthony Nadalin" <drsecure@us.ibm.com>
- Date: Mon, 17 Nov 2003 05:12:49 -0500
I don't like the proposed update changes because:
1. The removal of
the phrase "the ability to federate identities across such domains"
will be used by some to try to argue that identity federation is out of
scope. The reason for claifying the charter to to recognize that SSO
across domains is kind of impossible without some form of federation of
identities.
2. The
addition of "and non-SAML based" in the 3rd bullet greately extends the
scope of work saying that the SSTC has, in it's scope, to deal with
federation in other security architectures (specifically those that are
not based on SAML). I think this broadens the scope way beyond what
is reasonable for the SSTC to effectively handle.
Note that my objection, in no way, means that we shouldn't consider
other work that is done -- just that solutions for such other systems
should not be within our scope of work.
Conor
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]