[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Stateless Conformity To SAML
-----Original Message----- From: Scott Cantor [mailto:cantor.2@osu.edu] Sent: Thursday, July 29, 2004 7:11 PM To: 'Beach, Michael C'; security-services@lists.oasis-open.org Subject: RE: [security-services] Stateless Conformity To SAML > ... > > But even if I did, so what? I don't see how conformance to a protocol says > anything about the way the implementation does or doesn't manage data. In > other words, I think I can implement a conformant product that doesn't > internally handle all this in any but the most rudimentary way, and that I > wouldn't expect anyone to use in practice. So does that make the claim of > support for the protocol worthless? > > ... "Worthless" may be a bit strong, but absolutely believe that it significantly undermines conformance claims overall. To stub out processing of the protocol would get you a pass on a (as of yet non-existent) conformance test, but it does the customer no good. This isn't to suggest that conformance claims guarantee the customer of a useful product, but it should at least suggest the vendor's intentions. And here is a case where we would be pressing vendors to claim conformance to something they may have no intention of really leveraging. -- Steve Anderson OpenNetwork
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]