
security-services message



Subject: RE: [security-services] comment on saml-loa-authncontext-profile: remove 800-63 schemas


Paul Madsen wrote on 2009-05-01:
> 1) can you point me to the corresponding URIs?

I don't think they're 100% baked yet.

> The AC class mechanism would have us (or InCommon) jump through the hoop of
> defining a set of class schemas that then linked to the profiles through the
> <Documentation> kluge ..

Yes, that was one of the reasons I wasn't sure using them was the "right
thing". Perhaps using a declaration is more appropriate. The theory of this
approach to LOA is that none of the other details matter and have all been
abstracted into that number.

> 2) Is linking to the profiles, directly or indirectly, the right thing?
> Should we not link to appropriate sections of the InCommon framework
> docs, i.e. to ensure that the profiles are interpreted in the context of
> the full IAAF?

I don't think this document should link to anything. I think that was the
point being made, that it can't do so other than as purely example material.

> 3) I can't find any info on how the IAQs are expressed on the wire. As
> attributes?

TBD, but we have to support SAML 1.1, so using an Attribute is a logical
choice. Additionally, we defined the metadata tagging extension partly to
enable things like tagging entities with the LOAs that they can assert, and
that would be an Attribute anyway.

-- Scott



