[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] 2.x suggestions
Am 21.03.2012 um 02:42 schrieb Cantor, Scott: > I had an action to propose some concrete changes to the conformance > document in the event that a new version of the standard is undertaken. > > As a related point, I thought it would be useful to propose some specific > extensions that I think ought to be merged into the core documents, > probably without actually changing any namespaces, just as a way of > combining and streamlining the material. > > On that subject, I agree on all your suggestions re core, bindings, profiles and metadata. > In terms of conformance, I would take a hard look at everything that's > currently MTI and probably reduce the number of bindings that are MTI for > Web SSO. > > I could see continuing to have conformance modes that divide into "light" > and "full", but I would change the emphasis between them to have less to > do with "state management" and more on which pieces of the spec I see get > used heavily and are useful for truly scalable deployment. A "full" > implementation shouldn't have to do things like logout or NameID mgmt, but > should have to support metadata for configuration and at least one full > metadata profile that is interoperably specified. > As "Light" and "Full" reflect rather a kind of completeness for a full set of use cases that most deployers won't need, I suggest purpose-related conformance classes, like "Enterprise" and "Large Federation" that reflect proper support for metadata and IDP-discovery. Or a class that request some security-related features like SLO, HoK, maybe <Response>-signature or SimpleSIgnBinding. - Rainer
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]