
security-services message


Subject: RE: Question to SSTC -- RE: Questions Regarding SAML 2.0 Conformance

> >  1.  Can you provide some background on the Feature Matrix in
> >  Table 2 on Page 9 of the Conformance Requirements?
> >  Specifically, what are the key reasons why the "Lite" designations
> >  exist for the service providers and the identity providers
> >  operation modes?

Some vendors wanted a conformance mode with little or no state management burden on the implementations.

> Is the Lite designation sufficient for most purposes?

That depends on your purposes. If you don't know your requirements, you can't really start with the conformance side of things and ask "is this enough?"

> >  2.  Also, on Table 2, it appears as if there are only certain
> >  components of Table 1 that are shown. For example, there is no Web
> >  SSO, HTTP Post or HTTP Artifacts. What is the rationale for certain
> >  combinations of profiles and protocols being chosen or
> >  omitted from this section?

The specific case noted doesn't match the Table 2 in the document I have.

As an aside, there's virtually no real-world relevance to that conformance document. It doesn't reflect important features that are left out of many if not most implementations, and certainly doesn't reflect all the work done since 2.0.

There are profiles within specific communities that are much more useful and relevant, and you can certainly judge the seriousness of an implementation by its willingness to support newer features.
-- Scott
