
security-use message



Subject: RE: Resend: ISSUE:[UC-8-0*:Intermediaries*]


My thoughts here are:
 
we need to keep SAML structure manipulation as simple as possible. I would
be very worried about permitting change of structure or content of an
assertion.
 
[CR-8-01] and [CR-8-05] pretty much take care of this issue to my
satisfaction.
 
Another direction of complexity is modeling unbounded assertion chaining:
assertion A depends on B, C and D; assertion B depends upon Q and so on.
Some of this stuff is needed: for example, in S2ML, entitlement assertions
referred to name assertions. Basically, a login act results in a name
assertion which provides the basis for attributes published by different
attribute authorities. So S2ML supported 1-level chaining.
 
I would also express concern about a delegation model within SAML. There is
no question that delegation is valuable and a core part of business practice;
the issue is whether to include it within SAML 1.0.
 
 
- prateek 

