[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] RE: IBM charter position (was[security-services] Groups - sstc-saml-charter-2.0-draft-02.doc uploaded)
Sorry for late reply.... On Mon, 2003-11-17 at 04:31, ext Anthony Nadalin wrote: > Thanks for the comments but I'm confused, it seems that OMA has chosen > to accept Liberty 1.1 for SSO but complete federated identity is still > out of scope for the phase 1 work. So it seem that any immediate > urgency from the mobile community can be solved by the specifications > the Liberty group has encouraged the OMA to accept., So what is > pushing the urgency in the SS-TC, can't folks use the Liberty > specifications ? Maybe you can get some of your customers to help us > understand why what Liberty group has encouraged the OMA to accept is > not sufficient. OMA (Open Mobile Alliance) does it's own decisions as to what to use etc... but in this particular case I think you have misunderstood something, since OMA is normatively referring to the whole of ID-FF 1.1 including Federated Identity. Please check with your OMA folks. > > You are welcome to attend the public workshops on the various WS-* > specifications. RSA is joining us next week, and maybe Nokia could > participate with the authors and other companies. These workshops > allows an open exchange under RF rules prior to submitting the > specifications to a standards body. See > http://www-106.ibm.com/developerworks/offers/WS-Specworkshops/ for IP > and other related issues. You know perfectly well Nokia's concerns related to this and similar workshops. 1) Our legal has issues with this, similar to what AOL indicated, they advice us not to sign this or similar documents. 2) Nokia is been asked to give it's comments and contributions to an unknown process, which we can't influence.... somebody in some closed environment makes decisions as to what is "IN" and what is "OUT". 3) Nokia doesn't want to endorse a process which by it's design has been created to bypass a real standardization process. > I remember Liberty making a similar commitment to hold such events. > Have there been any workshops held under RF terms yet ? > I assume you are referring to page 8 of the following white paper: http://www.projectliberty.org/resources/whitepapers/wsfed-liberty-overview-10-13-03.pdf If you read it you will notice that it serves quite a different purpose than what the one you refer to serves. Liberty doesn't need to arrange specific public feedback sessions about it's specifications, since it is an open standardization organization like OMA, W3C or WS-I forum. Thus anybody interested in Liberty's work can join and participate. The white paper calls for sessions about convergence between various industry efforts and how to move forward on those. > I also don't understand the phone number references you make ? I know > there is some EU mandate coming but I'm not sure why the SAML group > needs to address this, can you elaborate as I have not seen any > requirement in the SS-TC or in OMA yet.? I think you might be mixing a specific use case with general features. What I described is a use case fully possible to implement using ID-FF, even thought the ID-FF spec doesn't specifically mention phone numbers :-). The general features of ID-FF allows the use case to work, and I hope to see these general features included in SAML 2.0. -Timo ps. check out FCC-page: http://www.fcc.gov/cgb/NumberPortability/ This makes the use of phone number as an identifier in transactions a bit difficult, and a pseudonymous/anonymous identity solution is needed, even at your home marketplace. Today this is mostly addressed by deployments of proprietary systems, a standard typically helps out a bit on interoperability :-).
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]