OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] New work product requests submitted

I am missing in this list the technical overview document. Although it is non-mormative, it serves as a kind of starting point. Tech-overview does explain major use cases and protocol sequences quite well, but does not such a good job to understand data structures, in particular metadata, very well. I would like to see the structural model of SAML being described using UML. That should at least be more readable than xsd and consolidate the various extensions to metadata.

A related topic would be the compatibility with OIDC and the question of JWT in SAML. Both topics have the prerequisite of a common abstract model that is good enough to allow correct semantic mapping between each specific structure.

Anticipating the resource question: yes, I am willing to contribute.

- Rainer

Am 12.09.2012 um 03:32 schrieb "Cantor, Scott" <cantor.2@osu.edu>:

> Jira notifications may not be working at the moment, but I submitted work
> product requests for all of the original standard documents:
> Assertions and Protocols (saml-core-2.1)
> Bindings (saml-bindings-2.1)
> Profiles (saml-profiles-2.1)
> Metadata (saml-metadata-2.1)
> Authentication Context (saml-authn-context-2.1)
> Conformance Requirements (saml-conformance-2.1)
> Security and Privacy Requirements (saml-sec-consider-2.1)
> Glossary (saml-glossary-2.1)
> I don't know if that's going to be the final set we want, I'm guessing
> maybe not, but I can start getting the material in order at least.
> Does the new process allow us to have a separate Conformance document?
> A couple of thoughts I had:
> Glossary? How much work to put in? My big complaint was that we mostly
> dropped it entirely before we ever finished 2.0 and I don't think it's in
> very good shape. Not sure having a bad or incomplete glossary helps much.
> My thinking is we should take out some of the more conceptual stuff in
> there or attempts to define industry concepts and focus on defining *SAML*
> terms that are in the other documents as much as possible.
> Given actual use of Authn Context, are there aspects of that we should
> deprecate? Move the LOA profile document into the AC spec?
> How should Profiles really be organized? I noted a couple of ideas:
> I'd like to move the confirmation method stuff into core because it seems
> to me to be along the lines of the other identifier sections in core and
> gets reused by various things.
> I wonder if the attribute profile material might be put into a separate
> document together with other post-2.0 work around attributes.
> -- Scott
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: security-services-unsubscribe@lists.oasis-open.org
> For additional commands, e-mail: security-services-help@lists.oasis-open.org

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]