OASIS Mailing List Archives

security-services message



Subject: SAML 2.1 Profile Documents


Okay, much later than what I wanted, here's my first round of suggestions for the new 2.1 profile documents.  The goal is to lump together like items in a way that an implementer could pick up one profile and implement it without ever needing to refer to the others (unless they need those functions too, of course).

Single Sign On
Covers browser basic web SSO, ECP, and SP initiated SSO

Discovery 
Covers 2.0 profile document section 4.3 and IdP Discovery Profile

Single Logout
I went back and forth in my head about whether this belongs with SSO and, given its issues and complexities, decided having it as a separate thing probably made more sense.

Name ID Management
Covers 2.0 profile document sections 4.5 and 7

Query Services
Covers artifact resolution and attribute queries

The subject confirmation and SAML attribute sections in the current SAML 2.0 profile would be split up into separate documents which could be rev'ed (and forgotten) independently.

Each of these documents would start with a section giving a hopefully intelligible narrative of the problems the profile is trying to address, the environments it's expected to be deployed in, and a general overview of how it works.  That should hopefully help people grasp the concepts before getting into the weeds.  After that we'll move into the weeds.  :)

A question that I posed before was whether we wanted to move much of the profile-specific protocol elements defined in the core document into their respective profile documents.  Common elements would still be in core.  I believe at the time the general consensus was that this would likely help readability of both documents but I wanted to bring it up again just in case people had additional thoughts on it.

Another item we may wish to consider is whether these documents might serve as a basis for different conformance classes.

Chad La Joie | Identity Management Architect
Covisint | Enabling information ecosystems.
m: 734.531.9087 | e: chad.lajoie@covisint.com




