OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] New profile language

During SAML V1.x, we had language in the profiles/bindings spec about 
this.  It was quite specific, but we never really implemented the full 
"profile registration" function within the TC, nor did people formally 
submit their profiles for registration.

http://www.oasis-open.org/committees/download.php/3405/oasis-sstc-saml-bindings-1.1.pdf
(Section 2, particularly lines 183-187)

When we originally discussed the refactoring of the spec suite for V2.0 
(in September at RSA, I think), I had suggested moving this generic 
material to either the core spec or to some new entry-point document yet 
to be invented.  It looks like the entire old Section 2 has been 
retained in the latest draft of the profiles doc:

http://www.oasis-open.org/committees/download.php/7259/sstc-saml-profiles-2.0-draft-11-diff.pdf
(Section 2, particularly 206-209)

I think it's fine for us to continue to indicate that other groups can 
develop profiles, according to our latest notions of profiles (including 
attribute profiles) and conformance parameters.  I believe that we 
should welcome profiles from non-OASIS members.  We really should soften 
the language about the TC being a registry and repository, though.

Thus, I think something like Scott's wording would be a fine substitute 
for most of the stuff on lines 206-209, and we need to revise/clean 
up/extend Section 2 as a whole (e.g., to include all kinds of profiles, 
authentication classes, and whatever other major extension points we 
allow).  Perhaps we should also consider moving at least some of this 
information "up" in the spec suite.

	Eve

Scott Cantor wrote:
> How about something like:
> 
> "Profiles (or bindings or context classes, etc.) may be developed by groups
> other than the SSTC. OASIS members may wish to document and submit them for
> consideration by the SSTC in a future version of the specification, and
> other groups may simply wish to inform the commiteee of their work. Please
> refer to the SSTC web site for further details."
> 
> This is in reference to a comment about whether non-members could even
> submit a profile, I guess. If that's not an issue, we could simplify the
> language further.
-- 
Eve Maler                                        +1 781 442 3190
Sun Microsystems                            cell +1 781 354 9441
Web Products, Technologies, and Standards    eve.maler @ sun.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]