[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] New profile language
During SAML V1.x, we had language in the profiles/bindings spec about this. It was quite specific, but we never really implemented the full "profile registration" function within the TC, nor did people formally submit their profiles for registration. http://www.oasis-open.org/committees/download.php/3405/oasis-sstc-saml-bindings-1.1.pdf (Section 2, particularly lines 183-187) When we originally discussed the refactoring of the spec suite for V2.0 (in September at RSA, I think), I had suggested moving this generic material to either the core spec or to some new entry-point document yet to be invented. It looks like the entire old Section 2 has been retained in the latest draft of the profiles doc: http://www.oasis-open.org/committees/download.php/7259/sstc-saml-profiles-2.0-draft-11-diff.pdf (Section 2, particularly 206-209) I think it's fine for us to continue to indicate that other groups can develop profiles, according to our latest notions of profiles (including attribute profiles) and conformance parameters. I believe that we should welcome profiles from non-OASIS members. We really should soften the language about the TC being a registry and repository, though. Thus, I think something like Scott's wording would be a fine substitute for most of the stuff on lines 206-209, and we need to revise/clean up/extend Section 2 as a whole (e.g., to include all kinds of profiles, authentication classes, and whatever other major extension points we allow). Perhaps we should also consider moving at least some of this information "up" in the spec suite. Eve Scott Cantor wrote: > How about something like: > > "Profiles (or bindings or context classes, etc.) may be developed by groups > other than the SSTC. OASIS members may wish to document and submit them for > consideration by the SSTC in a future version of the specification, and > other groups may simply wish to inform the commiteee of their work. Please > refer to the SSTC web site for further details." > > This is in reference to a comment about whether non-members could even > submit a profile, I guess. If that's not an issue, we could simplify the > language further. -- Eve Maler +1 781 442 3190 Sun Microsystems cell +1 781 354 9441 Web Products, Technologies, and Standards eve.maler @ sun.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]