OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: 15-day public review or 60-day public review?

On last Tuesday's concall (2007-09-25), a number of questions
regarding the SAML V2.0 Attribute Sharing Profile for X.509
Authentication-Based Systems and the SAMLv2.0 HTTP POST "SimpleSign"
Binding were raised.  Before I try to answer these questions, I'd like
to suggest that we try to use the wiki more effectively.  Document
editors of course should try to keep the wiki topics up to date.  It
might also be useful if we routinely passed wiki links to OASIS
administrators, rather than direct links into kavi.  This makes it
easier to accumulate required and requested information all in one
place.

Anyway, I updated the wiki topics for the Attribute Sharing Profile
and the SimpleSign Binding:

http://wiki.oasis-open.org/security/SstcSamlX509AuthnAttribProfile
http://wiki.oasis-open.org/security/SimpleSignBinding

Okay, now let me try to answer the questions that were raised on the call:

> 3.2 Docs pending public review
>
> Pending 15 Day Review
> *SAML V2.0 Attribute Sharing Profile for X.509 Authentication-Based
> Systems (CD 04)
> *SAMLv2.0 HTTP POST "SimpleSign" Binding (CD 02)
>
> The following are needed.
>
> 1. The dates of the original 60-day review, including a link to the
> announcement

For the Attribute Sharing Profile, a link was added to the wiki.

For the SimpleSign Binding, I can find no record of it ever having
gone through a 60-day public review.  Does anyone recall when this
might have happened?

> 2. The comment resolution log of any reported issues
>
> 3. A change-marked copy of the spec noting the differences from the
> version submitted for the 60-day public review.

Since the Attribute Sharing Profile has gone through so many revisions
since it went to public review (see the wiki), a diff would be
essentially worthless.  For this reason, and since I can't find any
record of the SimpleSign Binding having gone through public review,
perhaps we should request 60-day public review periods for both of
these documents (and in fact, all four documents currently in the
pipeline).  What do you think?

> Need work on conformance sections:
>
> SAML V2.0 Attribute Sharing Profile for X.509 Authentication-Based
> Systems - contains no conformance section

This is incorrect.  See section 6 of CD-04 linked in the wiki.

> SAMLv2.0 HTTP POST "SimpleSign" Binding - contains an inadequate
> conformance
> section:
> "A specification that is approved by the TC at the Public Review Draft,
> Committee Specification or OASIS Standard level must include a separate
> section, listing a set of numbered conformance clauses, to which any
> implementation of the specification must adhere in order to claim
> conformance to the specification (or any optional portion thereof)."

I'm guessing this means the conformance clauses need to be contained
in their own top-level section.

Tom

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]