[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: My Votes on 6, 7, 8, and 9
Thought I'd throw my votes out there. ---8<--- [UC-6-01:XMLProtocol] 1. Change requirement for binding to SOAP to binding to XML Protocol. * 2. Leave current binding to SOAP. 3. Remove mention of binding to either of these protocols. ESP: I believe David's right on this, SOAP is what's there. [UC-7-01:Enveloping] * 1. Add proposed requirement [CR-7-01:Enveloping]. 2. Do not add this proposed requirement. ESP: We need to explicitly require this kind of functionality, especially for session management, single-signon, etc. [UC-7-02:Enveloped] * 1. Add proposed requirement [CR-7-02:Enveloped]. 2. Do not add this proposed requirement. ESP: This is crucial not only for B2B usage, but also for making SAML useful for other XML standards. [UC-8-01:Intermediaries] * 1. Add proposed requirement [CR-8-01:Intermediaries]. 2. Do not add this requirement to the document. ESP: It's too limiting not to allow some form of intermediary. [UC-8-02:IntermediaryAdd] * 1. Add the given use-case scenario to the document. 2. Don't add this use-case scenario. ESP: This seems useful, especially in combination w/ UC-8-05. [UC-8-03:IntermediaryDelete] * 1. Add the given use-case scenario to the document. 2. Don't add this use-case scenario. ESP: It's been discussed, it is a use case, we need to address it (but within the scope of UC-8-05). [UC-8-04:IntermediaryEdit] * 1. Add this use-case scenario to the document. 2. Don't add this use-case scenario. ESP: Again, it's something that's going to happen, we need to address it explicitly. [UC-8-05:AtomicAssertion] * 1. Add the non-goal [CR-8-05:AtomicAssertion] to the document, and change use case scenarios to specify that intermediaries must treat assertions as atomic. 2. Don't add this non-goal. ESP: An important clarification for all the intermediary use case scenarios that, if not stated, could greatly increase the work of the TC. [UC-9-01:RuntimePrivacy] * 1. Add the proposed non-goal [CR-9-01:RuntimePrivacy]. 2. Do not add this proposed non-goal. ESP: I believe that privacy and disclosure should be negotiated between trust partners, and between user and service, out-of-band. The overhead of making policy statements is too high. [UC-9-02:PrivacyStatement] 1. Add [CR-9-02-3-DisclosureMorgan] as a requirement. 2. Add [CR-9-02-2-DisclosureBlakley] as a requirement. 3. Add [CR-9-02-4-DisclosureMishra] as a requirement. * 4. Add none of these as requirements. ESP: I think if we have [CR-9-01] added, we can dismiss the issue of privacy. ---8<--- ~ESP
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC