Subject: Re: [security-services] Groups - sstc-saml2-profiles-x509-draft-11.odt uploaded

[Unless otherwise noted, all references to "this document" within this message refer to the document cited in the subject line. For further reference, note that this document contains four subprofiles:

SAML V2.0 Profiles for X.509 Subjects:
  1. X.509 SAML Subject Profile
  2. SAML Assertion Profile for X.509 Subjects
  3. SAML Attribute Query Profile for X.509 Subjects
  4. SAML Attribute Self-Query Profile for X.509 Subjects

These subprofiles are referred to by name below.]

To summarize the disposition of this document: It was decided on the last two calls that this document be withdrawn from consideration, and that Ari draft a new revision of the "SAML Attribute Sharing Profile for X.509 Authentication-Based Systems". It was further recommended that this document be renamed and resubmitted as the initial installment of a completely new document stream. The term "deployment profile" was used to describe this new document.

The above is my interpretation of the discussion thus far. Please correct me if you took away a different interpretation.

That said, I have decided not to fork a new document stream at this time, for the following reasons:

- No formal comments have been received regarding this document, but Scott has offered some general comments regarding this family of documents. These comments should be addressed in any new document submitted to the SSTC. Thus this document should be rewritten to take these comments into account.

- Ari's forthcoming rewrite of the "SAML Attribute Sharing Profile for X.509 Authentication-Based Systems" will no doubt overlap significantly with this document (since the history of both can be traced to the same root ancestor). Until I've had a chance to review Ari's work, it seems unwise to fork a competing document stream.

- It is not clear what is meant by "deployment profile."
  I agree that the subprofiles "X.509 SAML Subject Profile" and "SAML Assertion Profile for X.509 Subjects" are not "profiles" as the word is often used, but the "SAML Attribute Query Profile for X.509 Subjects" and the "SAML Attribute Self-Query Profile for X.509 Subjects" are indeed profiles associated with specific use cases. Moreover, the use case associated with the "SAML Attribute Query Profile for X.509 Subjects" is precisely the same use case that motivates the "SAML Attribute Sharing Profile for X.509 Authentication-Based Systems", so if one is not a profile, neither is the other.

So all in all, I think it's best to wait and see how the "SAML Attribute Sharing Profile for X.509 Authentication-Based Systems" shakes out. In the meantime, our group is implementing a complete end-to-end solution for this use case based on SAML V1.1 technology. This experience will help us better understand the profile requirements of this use case.

Best regards,
Tom Scavo
NCSA/University of Illinois

On 29 Aug 2006 19:43:59 -0000, tscavo@ncsa.uiuc.edu <tscavo@ncsa.uiuc.edu> wrote:
> The document named sstc-saml2-profiles-x509-draft-11.odt has been submitted
> by Tom Scavo* to the OASIS Security Services (SAML) TC document
> repository.
>
> Document Description:
> SAML V2.0 Profiles for X.509 Subjects (ODT)
>
> View Document Details:
> http://www.oasis-open.org/apps/org/workgroup/security/document.php?document_id=19999
>
> Download Document:
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/19999/sstc-saml2-profiles-x509-draft-11.odt
>
>
> PLEASE NOTE: If the above links do not work for you, your email application
> may be breaking the link into two pieces. You may be able to copy and paste
> the entire link address into the address field of your web browser.
>
> -OASIS Open Administration
>