Subject: RE: Hi-level issues
ITEM #1 (Push/Pull) is also described in ITML session mgmt.

Please add David Orchard to item #3.

I think you are missing a couple of issues:

ISSUE[UC-01:Framework] Should A2ML provide a framework that allows delivery of security content negotiated out-of-band? A typical use case is authorization extensions to the core A2ML constructs. The contra-position is to rigidly define the constructs without allowing extension.

ISSUE[UC-02:Envelope] Should A2ML provide the top level constructs of messages and allow for application specific extensions, or should A2ML provide non-top level constructs that can be embedded in another protocol's defined messages?

Dave

> -----Original Message-----
> From: Darren Platt [mailto:dplatt@securant.com]
> Sent: Thursday, February 01, 2001 11:03 AM
> To: UseCaseList
> Subject: Hi-level issues
>
> Here is my current view of open issues, with a first cut at grouping them
> for discussion/resolution. This list is rough - I was asked on the call
> yesterday to share some written notes on the concall so I tried to clean it
> up a bit as I transcribed it. I've attempted to capture the major areas
> which need our attention. The inclusive issue list will be ready with
> Strawman #2. That said, if there are any major issues that you feel I have
> left out, please bring them to my attention.
>
> Next to each issue, I've tried to capture the people who seem to be
> interested or have relevant input. If you would like to be added to an
> issue, let me know that as well - I will do my best to make sure that you
> are apprised of any meetings related to that issue.
>
> Working Threads/Related Issues (in no meaningful order)
>
> 1. SSO Push/Pull Variations
>    Shibboleth - How does it relate to SSO Use Cases 1 and 2? Anders, Hal, BobM, BobB (Reqs. doc avail)
>    How do we get SSO from Trusted 3rd Party AuthC service to website?
>    ARundgren post 1/27
>    ARundgren's Push Variation posted 1/27
>    Purple - How does it relate, what are additional requirements?
>
> 2. B2B Scenario Variations
>    "one of the exchanges (exchange A) was inserting statements into the
>    documents as they flowed thru it." Nigel
>    Add AuthN assertions. Nigel
>
> 3. Inclusion of Session in Standard - BBlakley, TMoses, Hal, Nigel
>
> 4. Security Service definition? PMisra,
>    - Attribute Authority Behavior - Hal, Bob
>    - "... concept is from S2ML, in which a user may allow a server to host its
>      private key for it. The user is identified in the "credentials" element and
>      the server is identified in the "(key-)holder" element" TMoses
>
> 5. Permitted AuthC protocols Nigel, Hal,
>
> 6. "XML Protocol Binding" vs. "SOAP Binding" - NEdwards
>
>
> New Scenarios/Requirements
>    Nigel has 2 (1/24 post)
>    ITML-based UCs (Log-off, Timeout, Browser-based SSO,...) - David Orchard
>    Phil Hallam-Baker's requirements - submitted 1/22
>
>
> Refinement Suggestions:
>    Nigel's 1/22 email. (several suggestions)
>    Add AuthN assertions to Application Chain UC. Nigel
>
> Terminology - Jeff Hodges
>
> Attribution of Credit - Dave Orchard
>
> Narrowing Scope - Anders' 1/20 email
>
> That's the list.
>
> Regards,
>
> Darren Platt
> Principal Technical Evangelist
> Securant Technologies
> 1 Embarcadero Center, Floor 5
> San Francisco, CA 94111
> tel - (415) 315-1529
> fax - (415) 315-1545
> http://www.securant.com/
> -----------------------------