security-services message

Subject: Re: [security-services] "Registration" process for third-party SAML customizations

I'll try to respond to the comments from both John and Prateek here...

It sounds like the distinction between extensibility and the ability to 
create new profiles could pretty much be addressed by Prateek's message 
about the focus-call conclusion that I should say "SAML Profiles, 
Bindings and Extensions" instead of "SAML Customizations".  With that 
attitude firmly in place, I can edit the description for consistency to 
that.  I'll give that a whack sometime in the next few days.

As an aside, I have to say that I consider SAML's framework-style design 
as a kind of "design for extensibility", even though it doesn't involve 
schema extensions.  I gave a talk on "Delivering on the Promise of XML" 
last year, which examined the efficacy of SAML's and UBL's choices 
around extensibility while trying to retain interop.  I argued there are 
three flavors of extensibility: content, structure, and protocol.  I'd 
put inventing new profiles into the last category, though I know we use 
the word "protocol" differently in SAML...  The preso is dated now, 
since both SAML and UBL have changed some of their mechanisms, but if 
anyone wants to see it out of curiosity, let me know and I can send it 
to you.


John Kemp wrote:

> Hi Eve,
> The only quibble I would have with this statement is that I don't 
> consider further profiling to be an example of SAML "extensibility". In 
> most cases, it seems to me that particular groups of SAML users will 
> wish to further profile the specifications - by creating new protocol 
> profiles, or new authentication classes. In other cases, groups will 
> decide to extend the SAML schema (to create new Conditions for example).
> But I guess all I would do to your statement below is to amend the first 
> couple of sentences to read something like:
> "SAML is designed both for extensibility and general applicability. It 
> is anticipated that some SAML users may wish to further profile or 
> extend the SAML specifications, by custom-designing their own protocol 
> profiles, attribute profiles..."
> - JohnK
> ext Eve L. Maler wrote:
>> Forgot to bring this up on today's call.  Any comments?  I don't think 
>> we particularly need to rush to get this settled as long as we do it 
>> by the time V2.0 is final; it probably needs a quorate discussion, so 
>> that'll be Nov 9.  (I think Mary McRae also wanted a chance to 
>> convince me that we should be using the OASIS Registry for this...)
>>     Eve
>> Eve L. Maler wrote:
>>> Here's the sort of thing I was thinking of adding to the SAML website 
>>> regarding a "registration" process.  What do you all think?
>>> ========
>>> SAML Customizations:
>>> SAML is designed for extensibility, and it is anticipated that some 
>>> SAML users will want to custom-design their own profiles, attribute 
>>> profiles, authentication context classes, and/or extensions as 
>>> appropriate for their purposes.  The SSTC invites third parties who 
>>> are customizing SAML to notify us of the existence of their 
>>> documented SAML usage so that we can list and link to the documents 
>>> on this site.  This listing is intended to help other SAML users more 
>>> easily find and use existing customizations.
>>> It is expected that any such customization document adhere to any 
>>> guidelines set forth in the relevant SAML specification; as one 
>>> example of a guideline, each profile must be assigned a unique URI.
>>> To notify the SSTC of your customization, use the [link: comment 
>>> form].  The SSTC reserves the right not to list any customization, 
>>> and no endorsement by the SSTC of any listed customization is implied.
>>> If you are an OASIS member and wish to contribute a SAML profile or 
>>> other customization to the SSTC for consideration in future work on 
>>> SAML, please refer to the OASIS TC process for the proper way to make 
>>> a contribution.
>>> ========
>>>     Eve

Eve Maler                                        +1 781 442 3190
Sun Microsystems                            cell +1 781 354 9441
Web Products, Technologies, and Standards    eve.maler @ sun.com
