OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] Some tech overview comments

+1

I think we can do justice to ECP in the technical overview as well as  
other SAML profiles. I'm in the process of reviewing the technical  
overview and will see if I have any concrete suggestions.

regards, Frederick

Frederick Hirsch
Nokia



On Feb 14, 2008, at 10:32 AM, ext Scott Cantor wrote:

>> While I think ECP is actually quite clever, is it not, actually,
>> more often, in pre-existing devices/architectures, used like a
>> prosthetic/remediation profile? And wouldn't -most- new clients
>> be wise to study closely, and give initial favor to, the other
>> profiles? Which gets to Brian's questions in:
>
> Well, no. The browser profile is the one to avoid, especially when  
> designing
> new work. ECP, and its Liberty variants and profiles of plain SOAP  
> SSO are
> the ones to use for most use cases. They address discovery and  
> support all
> applications that can handle SAML assertions as an attachment.
>
> If anything we undersell ECP, but that's mainly because you need ID- 
> WSF to
> maximize its usefulness.
>
>> 5.2 ECP Profile
>> The browser SSO profile discussed above works with popular web
>> browsers, fully-featured web libraries and tool kits, and many
>> embedded implementations. This section, in contrast, describes
>> a SAML V2.0 profile which fits when, to participate in SAML V2.0
>> use cases, a client deployment context requires assistance
>> through proxy service, or requires enhancement.
>
> But this is simply wrong. It is for clients that have intelligence.  
> The
> proxy/WAP angle is the one I find silly. I'm sure that matters to a
> particular niche, but it's not appropriate for an overview.
>
> None of this is to disagree with Brian's points...I think there's a  
> place to
> talk about ECP but not as a basic example of what's currently in  
> the spec
> and in wide use.
>
> -- Scott
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  You may a link to this group and all your TCs  
> in OASIS
> at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]