
security-services message


Subject: Re: [security-services] comment on saml-loa-authncontext-profile:remove 800-63 schemas

Thanks Scott, when I wrote 'linking to the profiles', I was referring to potential future class schemas derived for the 2 InCommon profiles, not the SAML LOA AC profile doc. For the AC LOA doc, I'm inclined to replace the NIST section with an example.foo.com.

I was suggesting that, for any future AC class schema for Bronze & Silver derived from the above base schema, the references should not be directly to the InCommon IAP doc (http://www.incommonfederation.org/docs/assurance/InC_Bronze-Silver_IAP_1.0_Final.pdf), but rather to the broader IAAF program doc (http://www.incommonfederation.org/docs/assurance/InC_IAAF_1.0_Final.pdf). But that's for InCommon to decide.


Scott Cantor wrote:
Paul Madsen wrote on 2009-05-01:
> 1) can you point me to the corresponding URIs?

I don't think they're 100% baked yet.

> The AC class mechanism would have us (or InCommon) jump through the hoop of
> defining a set of class schemas that then linked to the profiles through a
> <Documentation> kluge...

Yes, that was one of the reasons I wasn't sure using them was the "right
thing". Perhaps using a declaration is more appropriate. The theory of this
approach to LOA is that none of the other details matter and have all been
abstracted into that number.

> 2) Is linking to the profiles, directly or indirectly, the right thing?
> Should we not link to appropriate sections of the InCommon framework
> docs, i.e. to ensure that the profiles are interpreted in the context of
> the full IAAF?

I don't think this document should link to anything. I think that was the
point being made, that it can't do so other than as purely example material.

> 3) I can't find any info on how the IAQs are expressed on the wire. As

TBD, but we have to support SAML 1.1, so using an Attribute is a logical
choice. Additionally, we defined the metadata tagging extension partly to
enable things like tagging entities with the LOAs that they can assert, and
that would be an Attribute anyway.

-- Scott


Paul Madsen
e:paulmadsen @ ntt-at.com
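The thread leaves open whether an LOA travels on the wire as an AuthnContext class reference or as a SAML Attribute. The following is an added illustration, not code from the thread, the SAML LOA profile or InCommon: it builds a minimal unsigned SAML 2.0 Assertion carrying the level both ways and shows a relying-party check that accepts either carrier but refuses an assertion in which the two disagree. The attribute name `urn:example:assurance-level` and the class-reference prefix `http://example.foo.com/loa/` are placeholders (Scott notes the real URIs were not yet settled), and the issuer is invented.

```python
"""Added example: carrying a level of assurance (LOA) in a SAML 2.0 Assertion
as an AuthnContextClassRef and/or as an Attribute, and checking it.
Not from the thread; the LOA URIs and issuer below are placeholders."""
import xml.etree.ElementTree as ET

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("saml", SAML2)

# Hypothetical identifiers (the real ones were still TBD in the thread):
LOA_ATTR_NAME = "urn:example:assurance-level"
LOA_CLASS_PREFIX = "http://example.foo.com/loa/"


def _q(tag):
    """Clark-notation qualified name for a SAML 2.0 assertion element."""
    return "{%s}%s" % (SAML2, tag)


def build_assertion(loa, as_class_ref=True, as_attribute=True):
    """Return a minimal, unsigned Assertion that asserts `loa` via an
    AuthnContextClassRef, an Attribute, or both (sample data, constructed)."""
    assertion = ET.Element(_q("Assertion"), Version="2.0", ID="_example1")
    ET.SubElement(assertion, _q("Issuer")).text = "https://idp.example.com/idp"
    if as_class_ref:
        authn = ET.SubElement(assertion, _q("AuthnStatement"))
        ctx = ET.SubElement(authn, _q("AuthnContext"))
        ET.SubElement(ctx, _q("AuthnContextClassRef")).text = (
            LOA_CLASS_PREFIX + str(loa))
    if as_attribute:
        stmt = ET.SubElement(assertion, _q("AttributeStatement"))
        attr = ET.SubElement(stmt, _q("Attribute"), Name=LOA_ATTR_NAME)
        ET.SubElement(attr, _q("AttributeValue")).text = str(loa)
    return ET.tostring(assertion, encoding="unicode")


def extract_loa(assertion_xml):
    """Return the integer LOA the assertion carries, or None when it is
    absent, unparseable, or stated inconsistently by the two carriers.
    (A real RP would verify the XML signature before trusting any of this.)"""
    root = ET.fromstring(assertion_xml)
    found = set()
    for ref in root.iter(_q("AuthnContextClassRef")):
        text = (ref.text or "").strip()
        if text.startswith(LOA_CLASS_PREFIX):
            level = text[len(LOA_CLASS_PREFIX):]
            if not level.isdigit():
                return None  # known prefix but no usable level: refuse
            found.add(int(level))
    for attr in root.iter(_q("Attribute")):
        if attr.get("Name") != LOA_ATTR_NAME:
            continue
        for value in attr.findall(_q("AttributeValue")):
            text = (value.text or "").strip()
            if not text.isdigit():
                return None
            found.add(int(text))
    if len(found) != 1:
        return None  # nothing asserted, or the carriers contradict each other
    return found.pop()


def meets_loa(assertion_xml, required):
    """Relying-party policy check: the asserted LOA must reach `required`."""
    loa = extract_loa(assertion_xml)
    return loa is not None and loa >= required


if __name__ == "__main__":
    both = build_assertion(2)
    print(both)
    print("asserted LOA:", extract_loa(both), "meets 2:", meets_loa(both, 2))
    # Same assertion with the Attribute tampered to claim LOA 3: rejected.
    conflicting = both.replace(">2</", ">3</")
    print("conflicting carriers ->", extract_loa(conflicting))
```

The check treats the two carriers as equally authoritative and fails closed when they disagree, which is the property a relying party wants if, as the thread suggests, deployments may end up supporting both an Attribute (needed for SAML 1.1) and an AuthnContext class reference.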
