Subject: RE: [security-services] Could use advise on changing the SAML FAQ
I like your latest suggestion. My thoughts then are:

- "What is SAML's history and background?" - describe SSTC origin and original contributed inputs.
- "What are the differences between SAML versions?" - Use much of Eve's/my text.
- "What is in SAML's future?" - New profiles, Errata updates, Minor revisions as needed based on deployment feedback, etc.

Rob Philpott
Senior Consulting Engineer
RSA Security Inc.
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020
Email: rphilpott@rsasecurity.com
I-name: =Rob.Philpott

> -----Original Message-----
> From: Eve.Maler@Sun.COM [mailto:Eve.Maler@Sun.COM]
> Sent: Tuesday, October 11, 2005 10:56 AM
> To: security-services@lists.oasis-open.org
> Subject: [security-services] Could use advise on changing the SAML FAQ
>
> I got a bit stumped when working on my action item to change the
> SAML FAQ (http://www.oasis-open.org/committees/security/faq.php) so
> that it doesn't talk about "slight" incompatibilities. Rob gave me
> some input but suggested I check with the TC to be sure.
>
> This is about the paragraph under the question "What is SAML's
> history and background? What is in SAML's future?" that reads as
> follows:
>
> "Approval of SAML v1.1 followed in September 2003. This version
> focused on improving interoperability and specification clarity
> through experience with Version 1.0, and in particular on tightening
> up the relationship of SAML with XML Signature. In general, minor
> revisions of SAML can be expected to be backwards compatible. This
> version is very slightly incompatible with SAML v1.0 in the area of
> XML Signature in order to take advantage of new knowledge about XML
> Signature processing."
>
> I was instructed "to change the FAQ answer for 1.0-to-1.1 to remove
> the suggestion of compatibility and to comment on the fact that
> products that support V1.0 also implement V1.1, such that it's a
> product compatibility issue and a partner communication/contract
> issue to choose one."
>
> My attempt at a revision resulted in the following, which felt like
> it was answering questions that hadn't been asked:
>
> "Approval of SAML v1.1 followed in September 2003. This version
> focused on improving interoperability and specification clarity
> through experience with Version 1.0, and in particular on tightening
> up the relationship of SAML with XML Signature. Typically, products
> that offer SAML v1.0 support also offer SAML v1.1 support. As in
> any situation, if you are making a decision about which version to
> deploy, you should check on product compatibility among your
> identity federation partners and ensure that any
> deployment/configuration agreements specify the correct version."
>
> Rob's attempt went like this:
>
> "Approval of SAML v1.1 followed in September 2003. This version
> focused on improving interoperability and specification clarity
> through experience with Version 1.0, and in particular on tightening
> up the relationship of SAML with XML Signature. The nature of these
> changes resulted in certain backward compatibility issues for SAML
> V1.0 and V1.1, so in general, these two versions are considered to
> be incompatible when different versions of SAML are configured
> between partners. Products have been introduced to the market that
> support both SAML V1.0 and V1.1, although they typically require any
> specific configuration of any two cooperating partners to use the
> same version of SAML. As in any situation, if you are making a
> decision about which version to deploy, you should check on product
> compatibility among your identity federation partners and ensure
> that any deployment/configuration agreements specify the correct
> version."
>
> I like Rob's new/changed text on top of mine. My only additional
> thought is that maybe we want to break out much of this detailed
> stuff into a separate question like "What are the differences
> between SAML v1.0 and SAML v1.1?" -- or add it to the question
> currently called "What's new in SAML v2.0?" and change the question
> to "What are the differences between SAML versions?" Then we could
> broaden the product deployment and configuration advice so that it
> applies to any version.
>
> What do people think? Can we spend one minute on this issue in
> today's call?
>
> Eve
> --
> Eve Maler                                         +1 425 947 4522
> Technology Director                           eve.maler @ sun.com
> CTO Business Alliances group               Sun Microsystems, Inc.