Subject: Re: [security-services] Getting more work done on the FAQ
Of course, moments after I sent this, I saw something from a customer that suggests this addition!

Q: Is SAML V1.1 backward compatible with SAML V1.0?

Eve

Eve L. Maler wrote:
> I took an AI on today's call to collect and send out FAQs. I'd like to
> get the following from all of you (please send me mail directly, unless
> you think the TC would benefit from seeing your response):
>
> - Comments on the existing FAQ answers
> - Comments on which new questions are most important to address soon
> - Suggestions for additional questions
> - Signups to draft some answers (for either new questions, or improved
>   answers to existing questions)
>
> The existing FAQ is here:
>
> http://www.oasis-open.org/committees/security/faq.php
>
> It covers the following questions:
>
> 1. General
> Q: What is SAML?
> Q: What is the need for this specification?
> Q: What has the SAML TC produced to date and what is the roadmap?
> Q: Who should be involved in this effort?
> Q: Who will benefit from this work and how?
> Q: How does this work compare with related efforts at other standards
>    organizations?
>
> 2. Technical
> Q: What is the connection between acts of authentication and SAML
>    authentication assertions?
> Q: How does SAML protect against "man-in-the-middle" and "replay"
>    security attacks in general?
> Q: How is trust established between a client and a SAML authority?
> Q: Will SAML PDPs need to be configured to understand only selected
>    authorization decision queries?
> Q: I don't currently use SOAP. Do I need to invent my own protocol
>    for requesting and getting SAML assertions?
>
> Following are additional questions for which written answers don't
> exist. Some of these overlap; I'm just documenting them all in one
> place for the first time, and it's interesting to see which come up
> multiple times:
>
> Collected in late 2001/early 2002, mostly contributed by Edwin DeSouza
> (in this case, I did remove the ones we covered above):
>
> 1. General
> Q: Where is SAML being standardized?
> Q: Who is participating in SAML?
> Q: What will be the benefit of having all the major security vendors
>    implement SAML?
>
> 2. Features and Benefits
> Q: Does SAML provide facilities for authentication?
> Q: Does SAML provide facilities for authorization and access control?
> Q: Does SAML provide facilities for distributed session management?
> Q: Can SAML be used to provide SSO for web services?
> Q: Can SAML be used to provide SSO for web applications (pure HTML
>    clients)?
> Q: Can SAML be used to provide SSO for web-enabled legacy
>    applications (Citrix/Transfuse to legacy client/server applications)?
> Q: Can SAML be used to provide SSO across a set of applications
>    within an enterprise (intranet)?
> Q: Can SAML be used to provide SSO across a set of applications
>    across a set of enterprises (extranet) and across firewalls?
> Q: Can SAML provide SSO across various OS, directory, database,
>    firewall, etc. combinations?
>
> 3. SAML and Other Technologies
>
> 3.1. Relationship to Other Standards
> Q: How does SAML work with XML? Is XML required?
> Q: How does SAML work with HTTP and HTTPS? Is HTTPS or HTTP
>    required?
> Q: How does SAML work with SOAP? Is SOAP required?
> Q: How does SAML work with SSL and TLS?
> Q: How does SAML work with PKI?
> Q: How does SAML work with other authentication devices?
> Q: How does SAML work with LDAP?
> Q: How does SAML work with XKMS (Key Management Specification)?
> Q: How does SAML work with XACML (Access Control Markup Language)?
> Q: How does SAML work with PSML (Provisioning Services Markup
>    Language)?
> Q: How does SAML work with DSML (Directory Services Markup
>    Language)?
> Q: How does SAML work with Kerberos?
> Q: How does SAML work with XML Signature?
> Q: How does SAML work with XML Encryption?
>
> 3.2. Relationship to Other Single Sign-On Frameworks
> Q: How does SAML work with Microsoft Passport?
> Q: How does SAML work with Project Liberty?
>
> 4. Technical
> Q: How can I trust/verify a SAML transaction?
> Q: Is there a mechanism for telling a remote party that someone's
>    authentication has now expired?
> Q: Can SAML appear in both the header and the body of a SOAP message?
> Q: Will SAML PDPs need to be configured to understand only selected
>    authentication decision queries?
>
> Suggested/asked by various people over the past few months:
>
> Q: What is federated identity?
> Q: How are SAML and Liberty related wrt federated identity?
> Q: Can I share attribute information with SAML? Can I share
>    authorization information with SAML? (In order to highlight the
>    "non-authentication" parts of SAML)
> Q: Will the use of XML/SAML hurt the performance of transactions?
> Q: Can I use XrML or XACML or both with SAML?
> Q: What are the differences between SAML and Liberty?
> Q: What is the relation between SAML, XACML, XrML, and SPML? (This was
>    from a public comment. Further questions here: "It seems that for
>    example for an access control system there is no clear-cut for which
>    standard is applicable (assuming of course that standards are of
>    interest). In case all four apply, what are the areas of conflict
>    between the four or any couple? How about maturity and industry
>    acceptance? Obviously SAML is in good condition in this respect. How
>    about the others?")
> Q: How do I use SAML on Citrix architectures?
> Q: How do you maintain persistence of SAML assertions?
> Q: How do you manage lifetime of SAML assertions?
> Q: How do you squeeze more content into SAML when you wish to mix (more)
>    authentication with attributes?
> Q: Why use SAML? Is it secure? (further comment from this person:
>    "answer: the threats (list) have all been examined, worked through, and
>    it is the only such set of constructs in the public domain")
> Q: Performance: can one use SAML for non-web-based applications? And
>    if so, how is best?
> Q: What is the position today of SAML with respect to Liberty?
>
> Thanks for your input,
>
> Eve

-- 
Eve Maler                                    +1 781 442 3190
Sun Microsystems                        cell +1 781 354 9441
Web Products, Technologies, and Standards    eve.maler @ sun.com