RE: Group 5 summary to Oasis TC

[Krishna Sankar <ksankar@cisco.com>]

Pratek,

	It is my humble opinion that we need the authentication models as well.
From what I know, there are no standards doing this and this is an important
piece. This would help B2B interactions, web services interactions (I am
actually builing a model architecture for web services and would definitely
benefit from an authentication flow and structure) and other internet based
interactions.

	To make the loooong story short, I support your position and please let me
know how I can help to evangelize the concept.

cheers

|-----Original Message-----
|From: Mishra, Prateek [mailto:pmishra@netegrity.com]
|Sent: Thursday, March 01, 2001 10:15 AM
|To: security-use@lists.oasis-open.org
|Subject: Group 5 summary to Oasis TC
|
|
|Folks,
|
|I plan to submit the following summary to Darren and thence to
|the Oasis TC. Send me your comments (soon).
|-------------------------------------------------------------------
|---------
|---
|
|The Use-Case group has voted (UC-5:-03) against the direct
|use of SAML for authentication. SAML should not model or
|express one or more authentication methods or a framework
|for authentication.
|
|However, SAML must somehow connect with a variety of existing
|and future authentication engines. It must provide sufficient vocabulary
|to make this connection. Currently, there is a lack of a model for this
|connection (terminology, information flow). As a result there is some
|continuing discussion and a lack of consensus on an exact characterization
|of the components of the "connection" that need to be included within
|SAML.
|
|------------------------------------------------------------------
|To unsubscribe from this elist send a message with the single word
|"unsubscribe" in the body to: security-use-request@lists.oasis-open.org
|