OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] 2.x suggestions

Am 21.03.2012 um 02:42 schrieb Cantor, Scott:

> I had an action to propose some concrete changes to the conformance
> document in the event that a new version of the standard is undertaken.
> As a related point, I thought it would be useful to propose some specific
> extensions that I think ought to be merged into the core documents,
> probably without actually changing any namespaces, just as a way of
> combining and streamlining the material.
> On that subject,

I agree on all your suggestions re core, bindings, profiles and metadata.

> In terms of conformance, I would take a hard look at everything that's
> currently MTI and probably reduce the number of bindings that are MTI for
> Web SSO.
> I could see continuing to have conformance modes that divide into "light"
> and "full", but I would change the emphasis between them to have less to
> do with "state management" and more on which pieces of the spec I see get
> used heavily and are useful for truly scalable deployment. A "full"
> implementation shouldn't have to do things like logout or NameID mgmt, but
> should have to support metadata for configuration and at least one full
> metadata profile that is interoperably specified.
As "Light" and "Full" reflect rather a kind of completeness for a full set of use cases that most deployers won't need, I suggest purpose-related conformance classes, like "Enterprise" and "Large Federation" that reflect proper support for metadata and IDP-discovery. Or a class that request some security-related features like SLO, HoK, maybe <Response>-signature or SimpleSIgnBinding.

- Rainer

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]