OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: DAON Slide Thoughts

So, on the last call I noted that it was unclear to me what they thought the difference between a "Credentialing Service Provider" and an IdP was.  After another review I'm still confused but, I think their CSP may just be the authentication authority role in SAML.  I think the distinction they're trying to make is that many IdPs today implement both the authentication and attribute authority roles but most SPs this group encountered only cared about the former.

On slide 10, second bullet, they note that a lack of authentication authority only conformance.  This is probably something to consider as we move to our thematic documents and perhaps helps inform the question of whether conformance should really be a separate document or simple part of each profile document.

Slide 12, bullet #4 brings up geolocation within an authn request.  This is something we recently started needing here at Covisint as well.  Might be worth discussing on a call.

Slide 12, bullet #7 is also something I've seen come up here and at other places.  It's basically the question of "is there any way, as an IdP, I can 'ping' my SPs periodically just to make sure they're still alive".

Slide 16 brings up a point that I ran face-first into here.  IdP proxies/brokers are in the SAML spec if you really read it but not in big bold font like other usages of the spec.  Might be worth putting in some verbiage somewhere to raise the visibility a bit and make sure people do "the right thing".

Chad La Joie
Development Manager, Identity Services
covisint | Connect. Engage. Collaborate.
c 734.531.9087
chad.lajoie@covisint.com| covisint.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]