RE: ISSUE:[UC-7-0{1|2}:Enveloping]

["Mishra, Prateek" <pmishra@netegrity.com>]

In general terms, I would characterize this issue 
as scoping or providing a framework for the
bindings work. Typically, XML processors are organized
around some kind of flexible packaging or protocol
framework: MIME, SOAP, ebXML, home-grown, etc. All of the more
mature frameworks provide "hooks" for additional stuff
like transactional state, security, headers of various
sorts. Legacy and home-grown protocols may not have these
flexibilities "built in"; I assume this is the case where
CR-7-01 would be of interest.

The idea of developing a SAML + business payload packaging framework
(essentially [CR-7-01:Enveloping] sounds pretty daunting to me.
It may be a "univeral" solution but one for which I guess we 
will not have sufficient bandwidth. MIME provides a compromise
in this space, as it is an existing "universal" packaging
framework and a SAML MIME binding may provide a general
enough setup.


- prateek







>>-----Original Message-----
>>From: Edwards, Nigel [mailto:Nigel_Edwards@hp.com]
>>Sent: Thursday, March 22, 2001 1:32 PM
>>To: 'Orchard, David'; security-use@lists.oasis-open.org
>>Subject: RE: ISSUE:[UC-7-0{1|2}:Enveloping]
>>
>>
>>> Issue #1 instance
>>> 
>>> <envelope>
>>> <body>
>>> <updateSession>
>>> <SAMLAssertions>
>>> </SAMLAssertions>
>>> <Extensions></Extensions>
>>> </updateSession>
>>> <body>
>>> <envelope>
>>> 
>>> Issue #2 instance
>>> 
>>> <envelope><body>
>>> <sendStuff>
>>> <myStuff></myStuff>
>>> <saml:SAMLAssertions>
>>> </saml:SAMLAssertions>
>>> </sendStuff>
>>> </body></envelope>
>>> 
>>> In case #1, I see that the first piece of software that 
>>recieves a SAML
>>> request will be a SAML compliant piece of software.  It 
>>will then have
>>other
>>> parties registered for various pieces of the software.  
>>Whereas in case
>>#2,
>>> the first piece of software will be generic and have a 
>>pipeline of flow,
>>ie
>>> first step: validate saml components; second step: dispatch 
>>to myStuff
>>> handler.
>>> 
>>> It seems unclear to me which way an xml processor will 
>>operate on the
>>data.
>>> I really think we should have more of an idea of how the 
>>software will use
>>> this and flesh out our domain model and interactions before 
>>voting on
>>this.
>>> But that might just be the analyst in me.
>>> 
>>Hi Dave,
>>I am not sure I fully understand your concerns here. If I send a
>>document of type #1 to be processed by something expecting a document
>>of type #2, then things will fail. But this would be the case even if
>>SAML was not involved - surely the processor has to know how to handle
>>the document? Isn't this just a question of application logic - like
>>having to agree which protocol to use when two parties communicate
>>for anything meaning full to happen?
>>
>>Nigel
>>
>>------------------------------------------------------------------
>>To unsubscribe from this elist send a message with the single word
>>"unsubscribe" in the body to: 
>>security-use-request@lists.oasis-open.org
>>