[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Comments on Tech Overview rev 13
Thanks for your thoughts! More back at you: Tom Scavo wrote: > Good point. Since this requires a change to the diagram, can I make > another suggestion (at the risk of being pedantic)? A flow diagram > illustrating request-response exchanges should not have an odd number > of steps. The culprit in this case is step 2, which is really a pair > of steps. It's a pair depending on the binding... I personally don't think we need to hew to this rule. >> - Sec 4.2.1, lines 1014-1015: It's worth noting that the reasons why >> the IdP and SP can't communicate could be either technical or >> nontechnical/"policy-driven". CardSpace's flows operate on the >> latter assumption by design. > > But this isn't unique to ECP. What isn't? How, then, can we describe the unique value-add better? >> - Sec 5.1: I think it would be useful and instructive to mention the >> ID-WSF SecMech-related specs in this section, to give context as to >> how additional profiling can utilize WS-Security and SAML assertions >> for a really complete system. > > Wouldn't it be better to give an overview of ID-WSF (good luck!) in a > separate subsection in section 5. If people are interested, I'm willing to take a whack at it, having done the "ID-WSF Basics" slides recently enough for them to be fresh in my mind. Eve -- Eve Maler +1 425 947 4522 Technology Director eve.maler @ sun.com CTO Business Alliances group Sun Microsystems, Inc.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]