RE: [security-services] Groups -draft-sstc-solution-profile-soap-02.pdfuploaded

[Michael McIntosh <mikemci@us.ibm.com>]

Scott,

Perhaps there isn't a need for every
single authentication mechanism to have its own profile, but we need to
make sure we can support these mechanisms when used with SAML. We are proposing
a profile of how WSS can be used with SAML.

Thanks,
Mike

Scott Cantor <cantor.2@osu.edu> wrote on 02/10/2004
09:47:03 AM:

> >TLS sometimes becomes problematic to use everywhere so one profile
(as
> >described here) is the use of SOAP between SS and SA and the SOAP
message
> is
> >protected via WSS, this does not preclude other profiles.
> 
> Maybe I'm being nit picky but I'd just hate to see every possible
message
> authentication technology be labeled a profile. I'm not saying we
can't or
> shouldn't profile WSS itself to constrain the options involved when
its used
> in this context, but that's a profile of WSS so to speak, not a SAML
> profile.
> 
> -- Scott
> 
> 
> To unsubscribe from this mailing list (and be removed from the roster
of the OASIS 
> TC), go to http://www.oasis-open.org/apps/org/workgroup/security-
> services/members/leave_workgroup.php.
>