OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] New work product requests submitted

Hi Scott -

The tickets are all there. The JIRA notification gap is annoying but
you can always check the current queue from the 'Active Support
Requests' link on the TC Admin home page

Regarding the conformance clauses, this is the first time I have seen
the idea come up. My initial reaction is this: if you envision this as
one large multi-part work product - that is, that core, bindings,
profiles,etc. are all going to be parts of 'SAML 2.1' then (a) we'll
need to think about some master overview document to point to all the
parts and (b) a separate conformance clauses document is fine.

If each is considered a stand-alone spec however - that is, if SAML
2.1 Bindings could become an OASIS Standard all by itself - then the
current rules call for it to have its own conformance section.

I can take up the question of having a conformance CS document that
all other CSes would normatively reference. It is an interesting idea
& I can see pluses and minuses to it worth thinking through.



On Tue, Sep 11, 2012 at 9:32 PM, Cantor, Scott <cantor.2@osu.edu> wrote:
> Jira notifications may not be working at the moment, but I submitted work
> product requests for all of the original standard documents:
> Assertions and Protocols (saml-core-2.1)
> Bindings (saml-bindings-2.1)
> Profiles (saml-profiles-2.1)
> Metadata (saml-metadata-2.1)
> Authentication Context (saml-authn-context-2.1)
> Conformance Requirements (saml-conformance-2.1)
> Security and Privacy Requirements (saml-sec-consider-2.1)
> Glossary (saml-glossary-2.1)
> I don't know if that's going to be the final set we want, I'm guessing
> maybe not, but I can start getting the material in order at least.
> Does the new process allow us to have a separate Conformance document?
> A couple of thoughts I had:
> Glossary? How much work to put in? My big complaint was that we mostly
> dropped it entirely before we ever finished 2.0 and I don't think it's in
> very good shape. Not sure having a bad or incomplete glossary helps much.
> My thinking is we should take out some of the more conceptual stuff in
> there or attempts to define industry concepts and focus on defining *SAML*
> terms that are in the other documents as much as possible.
> Given actual use of Authn Context, are there aspects of that we should
> deprecate? Move the LOA profile document into the AC spec?
> How should Profiles really be organized? I noted a couple of ideas:
> I'd like to move the confirmation method stuff into core because it seems
> to me to be along the lines of the other identifier sections in core and
> gets reused by various things.
> I wonder if the attribute profile material might be put into a separate
> document together with other post-2.0 work around attributes.
> -- Scott
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: security-services-unsubscribe@lists.oasis-open.org
> For additional commands, e-mail: security-services-help@lists.oasis-open.org


Chet Ensign
Director of Standards Development and TC Administration
OASIS: Advancing open standards for the information society

Primary: +1 973-996-2298
Mobile: +1 201-341-1393

TC Administration information and support is available at

Follow OASIS on:
LinkedIn:    http://linkd.in/OASISopen
Twitter:        http://twitter.com/OASISopen
Facebook:  http://facebook.com/oasis.open

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]