Subject: RE: [security-services] SAML 2.1 Protocol Reorg Idea

> There are some general rules in the initial sections (the ones everybody
> misses that explain rules for strings and dates for example), but no, I was
> referring mainly to the protocol sections. A bit of what's in assertions would
> also tend to cross profiles (e.g., the stuff on validity).

Yes, all the assertion stuff would stay in Core as well.

> Based on that, I think the direction you would be headed is probably to leave
> a lot of the early part of core intact, but essentially collapse the protocols and
> their profiles by taking advantage of the fact that most of the protocols really
> only had 1 profile defined for them.

Yes, exactly.

> I can see why that would make sense, though it obviously makes any
> subsequent profile from a third party much larger and duplicative. But that
> isn't really this TC's problem at this stage.

The extension process isn't really any different. You refer to the protocol/profile document instead of the core document.

> As a point of background, the reason the Authentication Request protocol is
> done the way it is, and the reason SSO is done so abstractly in terms of it is
> WS-Trust. I think it's past time to just go back and dump all that abstraction.

Yep, completely agree. From my point of view, the big thing for 2.1 is just making this stuff easier to follow and that certainly means making some of the abstract wording much more concrete.