OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Stateless Conformity To SAML


This is a good point.

It seems there are two levels of conformance - conformance to the
protocol interactions and conformance to what the interactions are to
accomplish (semantics). If expressed as two levels, then conformance to
semantics requires correctly updating the identifier state as someone
mentioned, if only the protocol then that is not necessary.

It seems very high level conformance claims could be misinterpreted and
some more detail might be required.

Regards, Frederick

Frederick Hirsch

> -----Original Message-----
> From: ext Steve Anderson [mailto:sanderson@opennetwork.com] 
> Sent: Friday, July 30, 2004 3:25 PM
> To: Scott Cantor; security-services@lists.oasis-open.org
> Subject: RE: [security-services] Stateless Conformity To SAML
> I can appreciate that, but I don't think that will be the 
> universally held view.  And for those that don't, I think 
> this is a problem.  
> Overall, it's an issue of insufficient granularity in the 
> conformance claims.
> I understand we're trying to move away from too much 
> granularity, but this has swung to the opposite extreme, IMO.
> --
> Steve Anderson
> OpenNetwork
> -----Original Message-----
> From: Scott Cantor [mailto:cantor.2@osu.edu]
> Sent: Friday, July 30, 2004 2:57 PM
> To: Steve Anderson; security-services@lists.oasis-open.org
> Subject: RE: [security-services] Stateless Conformity To SAML
> > And that's my point -- a conformance claim should offer a helpful 
> > clue, and at the very least, not be misleading.  Claiming 
> conformance 
> > to Name ID management messages seems very misleading if the product 
> > doesn't have any notion of "remembering" users.
> But let's be clear...I don't believe it's always the job of 
> the SAML product to do this in general. It's the job of the 
> product to inform the surrounding infrastructure that the 
> change happened. And I believe that that's how at least some 
> people would expect to deploy it. It's certainly how I intend 
> to (I do wear both hats).
> In such a case, my product isn't remembering the change 
> (except perhaps to modify some transitory state), but I would 
> claim that it's perfectly reasonable for me to claim 
> conformance and that it's a useful claim and not at all 
> misleading. That's the crux of my argument.
> -- Scott
> To unsubscribe from this mailing list (and be removed from 
> the roster of the OASIS TC), go to 
> http://www.oasis-open.org/apps/org/workgroup/security-services
> /members/leave_workgroup.php.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]