OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] comments re draft-sstc-metadata-iop-03

Tom Scavo wrote on 2009-02-12:
> I can vouch for the efficacy of this metadata profile since I've
> deployed it and it works.  I've also watched from the sidelines as
> this profile has seen large-scale deployment within SAML federations
> worldwide.  Again, it just works.  So the comment I have to make is
> that it doesn't work for everybody.  Therefore I believe the title,
> abstract, and introduction should be very clear about the intended
> scope of this Metadata Interoperability Profile.

I have yet to run into a deployment context in which this doesn't work for
technical reasons (leaving aside politics and the use of software that
doesn't support it obviously). That said, if someone can identify some kind
of definition that would attach to "who can use this" that would make sense,
that's fine. But I can't see any obvious way to scope it. It's certainly not
scoped to SSO, or to higher education.

I can think of cases where it doesn't buy as much as it does in other cases,
but none offhand where it wouldn't work.
(On naming, the best alternative I could come up with was something like
Metadata Runtime Consumption Profile, which kind of blows.)

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]