Subject: Re: [security-services] Groups - sstc-saml-x509-authn-attrib-profile-draft-10-diff.pdf uploaded
On 8/16/06, Ari Kermaier <ari.kermaier@oracle.com> wrote:
>
> > I would say that if you want to use NameQualifier, you should
> > define a new
> > Format, because the existing Format left it unspecified. That's why we
> > deprecated the use of the attribute for that Format. You'd
> > run the risk of
> > expecting NameQualifier to be one thing and somebody having already
> > implemented it to be something else.
>
> Agreed. And I think that the benefit of defining a new Format here is not worth the cost in terms of making existing general-purpose SAML 2.0 IdP implementations ineligible to participate in this profile.

This is an illusion, I'm afraid. If it were true that an existing IdP deployment could easily participate in this profile (without significant modification), we probably wouldn't need this profile (as Scott has repeatedly argued). In fact, a year and a half of effort trying to do so suggests otherwise.

That said, we agree it is probably unwise to define a new Format, so we will drop the NameQualifier requirement and use straight X509SubjectName. A new profile document is forthcoming. Actually, I've taken the liberty to decompose the profile into a related set of reusable profiles. I hope to upload these by the end of this week.

Tom Scavo
NCSA/University of Illinois