Subject: Next rev of the SAML FAQ
Hi folks--

I'd like to get some help from you all as I revise the SAML FAQ. Its first version was just to get something out there; now we need to upgrade it considerably, something I hope to do before the December holidays. You can find it here:

http://www.oasis-open.org/committees/security/faq.php

The questions currently covered are as follows:

1. General

Q: What is SAML?
Q: What is the need for this specification?
Q: What has the SAML TC produced to date and what is the roadmap?
Q: Who should be involved in this effort?
Q: Who will benefit from this work and how?
Q: How does this work compare with related efforts at other standard organizations?

2. Technical

Q: What is the connection between acts of authentication and SAML authentication assertions?
Q: How does SAML protect against "man-in-the-middle" and "replay" security attacks in general?
Q: How is trust established between a client and a SAML authority?
Q: Will SAML PDPs need to be configured to understand only selected authorization decision queries?
Q: I don't currently use SOAP. Do I need to invent my own protocol for requesting and getting SAML assertions?

Can you all please send me, in private email, the questions that you have heard from customers/developers or wondered about yourself? And, of course, if you have any comments on the existing questions and answers, send them my way. You may want to ask your marketing folks for input on this; feel free to forward.

Thanks,

Eve

--
Eve Maler                                    +1 781 442 3190
Sun Microsystems                        cell +1 781 354 9441
Web Products, Technologies, and Standards    eve.maler @ sun.com