Subject: Comments on ISSUE:[UC-13-05:SecurityPolicy]
The candidate text reads:

----------------------------------------------------------------------
ISSUE:[UC-13-05:SecurityPolicy] Bob Morgan proposed a business-level requirement as follows:

[CR-13-05-SecurityPolicy] Security measures in SAML should support common institutional security policies regarding assurance of identity, confidentiality, and integrity.

Potential Resolutions:

1. Add this requirement to the use case and requirements document.
2. Leave this requirement out of use case and requirements document.
-----------------------------------------------------------------------

I'm not quite sure what this requirement means. I can read it two ways:

1) SAML should have ways of encrypting, protecting integrity, authenticating, etc. In this case, I think we already have (or are discussing) the necessary requirements.

2) SAML should have a way of expressing an institutional policy and then automatically enforcing that policy through the mechanisms described in 1). This is a much bigger issue, and one that I'd definitely like to place out of scope.

Have I missed the point on this one, or do others also find it unclear?

- irving -