OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] Drafts for review: Kerberos & SAML profiles

On 7 Jul 2009, at 01:14, Scott Cantor wrote:

> My suggestions inline. I'm mainly focusing on the technical design  
> and where
> I would describe the pieces, and not looking at editorial issues at  
> this
> point to save time.
> Josh Howlett wrote on 2009-06-23:
>> Please find attached three draft profiles.
>>  - Kerberos Attribute Profile 00: defines an attribute profile of
>> Kerberos.
> As I said on the call, what I think we want to do here is define  
> this so
> that we don't need a query profile at all, and instead rely on core
> processing rules for the AttributeQuery/Response protocol.

That's a nice approach; I will update accordingly.

>>  - Kerberos Attribute Query Profile 06: defines how a SAML requestor
>> can obtain a SAML attribute, that contains a Kerberos ticket, from a
>> SAML attribute authority.
> Based on what I read, I don't think you really need this document  
> once the
> attribute profile is supplemented slightly. It's pretty much out of  
> scope
> how the SAML authority might satisfy the tickets requested, so it's  
> not like
> there's a back-end protocol to specify here anyway.

I think you're right.

Thank you for your review and comments, it is greatly appreciated.

Best regards, josh.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]