RE: [security-services] Roles for SAML 2.0 Metadata

["Jahan Moreh" <jmoreh@sigaba.com>]

Anothny -

I think you may have misunderstood my message. The concept of a "role" in this case is really that of a "participant". I.e., we are talking about the role that a SAML participant would take in communicating with another "participant". May be "participant" is also not a good name; may be we should call it a "meta role". In any case, this is specifcally NOT an arbitrary role that can be specified in an attribute assertion.

 

 

Jahan

------
Jahan Moreh
Chief Security Architect
310.286.3070

-----Original Message-----
From: Anthony Nadalin [mailto:drsecure@us.ibm.com]
Sent: Friday, December 19, 2003 8:09 AM
To: security-services@lists.oasis-open.org
Subject: Re: [security-services] Roles for SAML 2.0 Metadata

Why is this restricted to any role this seems like an artifact of Liberty ? These should just be attribute assertions that any role can use.

Anthony Nadalin | work 512.436.9568 | cell 512.289.4122
"Jahan Moreh" <jmoreh@sigaba.com>

"Jahan Moreh" <jmoreh@sigaba.com> 12/16/2003 01:48 PM Please respond to jmoreh

To: <security-services@lists.oasis-open.org> cc: Subject: [security-services] Roles for SAML 2.0 Metadata

Colleagues -
During our focus group discussion of today (December 16), we recognized the
need for specifying metadata for various roles. Our discussion lead us to
believe that SAML 2.0 metadata should recognize the following roles:
1. Identity provider
2. Service provider
3. Attribute provider

Do people have any thoughts/comments on this matter?

Thanks,
Jahan

------
Jahan Moreh
Chief Security Architect
310.286.3070



To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/security-services/members/leave_workgroup.php.