RE: [wss] proposed terminology addition to STP - impersonation

[Anthony Nadalin <drsecure@us.ibm.com>]

ahhh, I was on "Attesting Entity"

Anthony Nadalin | work 512.838.0085 | cell 512.289.4122
"Don Flinn" <flinn@alum.mit.edu>

"Don Flinn" <flinn@alum.mit.edu>

03/10/2004 08:18 PM

To	"WSS" <wss@lists.oasis-open.org>, Anthony Nadalin/Austin/IBM@IBMUS
cc
Subject	RE: [wss] proposed terminology addition to STP - impersonation

Tony

I don't see any definition of impersonation in the SAML Glossary. But more to the point, the reason I asked Ron to include a definition of impersonation was that at the time he and Rich Levinson were defining a protocol in the SAML profile, which used impersonation . This I felt would lead users to assume that using the impersonation capability would be equivalent to using delegation, since the difference between the two is subtle to the uninitiated. In fact, the two are quite different in that in delegation the delegator should be able to say who can act as delegatees for him and to limit what activities the delegatees can perform in the delegator's name. Impersonation says that anyone can do anything in the name of the impersonated entity. However, since this addition to the specification is not being incorporated, I withdraw my request.

Don

-----Original Message-----
From: Anthony Nadalin [mailto:drsecure@us.ibm.com]
Sent: Tuesday, March 09, 2004 4:56 PM
To: 'wss@lists.oasis-open.org'
Subject: Re: [wss] proposed terminology addition to STP - impersonation


Can't you just put a reference to the SAML Glossary in the appendix and thus not define duplicate terms ?

Anthony Nadalin | work 512.838.0085 | cell 512.289.4122
Ron Monzillo <Ronald.Monzillo@Sun.COM>



Ron Monzillo <Ronald.Monzillo@Sun.COM>

03/09/2004 09:15 AM

To	"'wss@lists.oasis-open.org'" <wss@lists.oasis-open.org>
cc
Subject	[wss] proposed terminology addition to STP - impersonation


Donn Flinn asked that a definition of impersonation be added to the
terminology section of the SAML token profile.

I propose that the following line be added (at about line 183).

Impersonation – occurs when the attesting entity is not the subject of
the assertions.

where attesting entity is already defined as:

175 Attesting Entity – the entity that provides the confirmation
evidence that will be
used to establish the correspondence between the subject of SAML subject
statements (in SAML assertions) and SOAP message content.


To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/wss/members/leave_workgroup.php.