Subject: venue for SAML profile discussion/registration
Along the lines of "other business" for today's call: I think we've talked about this issue occasionally but I don't think we've come to a conclusion. Maybe it is somewhat related to the conformance discussion in terms of facilitating the use of SAML by specific communities. People may be aware that there is some work going in the SIP community about profiling SAML for use in authentication and attribute-transmission for SIP sessions. See: http://www.ietf.org/internet-drafts/draft-tschofenig-sip-saml-02.txt for the current document. I recently spoke with the main author (Hannes Tschofenig) about how to proceed with this. They're thinking about some extensions to SAML (eg a SIP-specific confirmation method) and wondering (a) how to get review, and (b) if OASIS or the SSTC will provide a way to register such extensions. I think it's in the interest of the SAML community to support this kind of thing, at least structurally (obviously we can't commit anyone in particular to do serious design work). Ideally some procedures-for-profiling/extending-SAML would be in our outreach material. - RL "Bob"