OASIS Mailing List Archives

security-services message


Subject: RE: [security-services] Minutes for July 13 SSTC Call

> (f) Expressing Identity Assurance profile for SAML2.0 (LOA)
> - Status: Public review period closed on 13 June 2010.
> - Status: Awaiting comments/resolutions.
> Paul, Scott and I reworking, will be uploaded in near term

I have it in hand for an editorial pass and then I'll upload, hopefully
later today.

> Hal, OASIS process requires that, perhaps at CS status, that all
> comments are acknowledged and addressed. As a courtesy, we could respond
> through email to commenters

We have to formally respond, but in the past we've used the wiki, I believe,
so I was planning to do that again.

> (h) SOA-TEL Token Correlation Profile (Federico/TI)
> http://www.oasis-open.org/committees/download.php/38374/sstc-saml-
> token%20correlation-profile-v0.8.pdf
> Federico & colleague will explain.
> Document defines the syntax to express a relation between two SAML
> assertions, a "main" one and a "related" one.

Unless I'm missing something, that's what SubjectConfirmation is for.

> The syntax defined defines a new security profile, in which a SAML
> assertion is syntactically and semantically meaningful if it is presented
> relation with another "related"
> SAML assertion; it enables to express a relation between two security
> SAML assertions

That's definitely SubjectConfirmation. There's nothing new needed apart from
optionally defining a new confirmation method.

> Paul, but <Advice> doesn't provide that semantic, better would be
> <Condition>?

SubjectConfirmation is really a special condition, and it has the semantic
"you can't act as the subject unless you can prove X".

-- Scott
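
The following is an added example, not part of the message above or of the profile draft. It sketches a relying-party check in which a "main" assertion points at a "related" one through SubjectConfirmation. The method URI `urn:example:cm:related-assertion`, the use of `<saml:AssertionIDRef>` inside `<saml:SubjectConfirmationData>`, the function names and both sample assertions are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}
# Hypothetical confirmation method URI, invented for this example only.
RELATED_CM = "urn:example:cm:related-assertion"

# Constructed sample assertions (signatures and Conditions omitted).
MAIN = f"""<saml:Assertion xmlns:saml="{SAML}" ID="_main1" Version="2.0"
    IssueInstant="2010-07-13T00:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice</saml:NameID>
    <saml:SubjectConfirmation Method="{RELATED_CM}">
      <saml:SubjectConfirmationData>
        <saml:AssertionIDRef>_related1</saml:AssertionIDRef>
      </saml:SubjectConfirmationData>
    </saml:SubjectConfirmation>
  </saml:Subject>
</saml:Assertion>"""

RELATED = f"""<saml:Assertion xmlns:saml="{SAML}" ID="_related1" Version="2.0"
    IssueInstant="2010-07-13T00:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
</saml:Assertion>"""


def required_related_ids(main_xml):
    """Return the assertion IDs that the main assertion's confirmation demands."""
    # The sample input is constructed; use a hardened XML parser for untrusted input.
    root = ET.fromstring(main_xml)
    ids = []
    for sc in root.findall("saml:Subject/saml:SubjectConfirmation", NS):
        if sc.get("Method") != RELATED_CM:
            continue  # other methods (bearer, holder-of-key) are out of scope here
        for ref in sc.findall("saml:SubjectConfirmationData/saml:AssertionIDRef", NS):
            if ref.text and ref.text.strip():
                ids.append(ref.text.strip())
    return ids


def subject_confirmed(main_xml, presented_xmls):
    """True only if every referenced related assertion was presented with the main one.

    Assumes signature, issuer and Conditions checks on each assertion happen elsewhere.
    """
    presented = {ET.fromstring(x).get("ID") for x in presented_xmls}
    needed = required_related_ids(main_xml)
    # Fail closed: with no recognised confirmation the subject is not confirmed.
    return bool(needed) and all(i in presented for i in needed)
```
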
