Re: [security-services] XPath Attribute Profile: Use cases

["Cameron Morris" <cmorris@novell.com>]

Fair question.  

 

I do not see this as additional functionality when compared to Liberty.  I see like this:

Suppose a customer buys my product and creates EP documents for each user.  This satisfies all the Liberty compliant service providers that the customer wants to inter-operate with. However, once that customer attempts to work with a SAML-only service provider, then he cannot reuse that information without creating a mapping or duplicating the data elsewhere.  In other words I see it as a compatibility bridge between liberty and non-liberty providers.

 

Also the SAML attribute query is simplier than the Web services in liberty (Yes, that means no user interactions, modifies, or more complex web services)  For those that don't want the extra stuff, the attribute query is easier.

 

- Cameron

>>>Robert Aarts <robert@trustgenix.com> 04/05/05 1:58 pm >>>
Sorry, I'm probably a bit late jumping in this thread, but could you
provide arguments as to why doing this XPath profile would result in
something that is better/more useful than the Liberty DST based
service(s) ? Don't get me wrong, I'm not saying that a XPath profile
would be a bad idea; I'm merely thinking of how such a (new) SAML
Attribute Provider would compare to an ID-WSF attribute provider.
Just as an example of some differences: ID-WSF has support for User
Interactions; ID-WSF can do "modify". Now in some use cases these are
important, in (many?) other cases not.
So what would be the *use* cases that favor the SAML Attribute Provider
enhanced with the XPath attribute profile ? More specifically what use
cases are made possible, i.e. cannot be realized with today's
standards/products, with such a profile?  I mean use cases that do not
presume that one has to use a SAML Attribute Provider, or Liberty, or
any other standard(s).

thanks, Robert