OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Inclusion of Federated Name Registration Protocol in SAML 2.0

I would like to voice my concerns about the addition of this material
(Section 3.5 in core-06) to the SAML 2.0 materials. My sense is that this
was added at the same time when the AuthNRequest/AuthNResponse material was
added from ID-FF 1.2. However, we have not discussed this material and its
relevance to SAML 2.0.

I have not been able to understand the use-case for this protocol exchange.
At best it seems to represent some kind of completeness consideration
(having introduced IdP generated opaque handles for account linking, we
should also permit their update from SPs?). I can see there maybe some niche
use-cases that require its use but I would like this acknowledged before we
add this material to SAML 2.0.

My real concern is about its role down the road in the conformance matrix.
The larger we make the set of required functionality, the heavier the burden
on implementers, and this may have some impact on the vendors implementing
the specification.

I would also be very interested in learning about any concrete instance of
use of this protocol in any Liberty deployment.

- prateek

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]