Thread: RE: [security-services] Re: Attribute Sharing Profile for X.509 Authentication-Based Systems (Draft-12)
12 messages in org.oasis-open.lists.security-services

From / Sent on / Attachments
Tom Scavo / Mar 25, 2007 2:52 pm
Tom Scavo / Mar 27, 2007 9:58 am
Tom Scavo / Mar 27, 2007 10:17 am
Staggs, David (SAIC) / Mar 27, 2007 10:28 am / .doc
Anderson, Steve / Mar 28, 2007 8:03 am / .doc
Scott Cantor / Mar 28, 2007 9:15 am
Ari Kermaier / Mar 29, 2007 9:27 am
Tom Scavo / Mar 29, 2007 9:32 am
Ari Kermaier / Mar 30, 2007 9:04 am
Hal Lockhart / Apr 9, 2007 2:38 pm
Staggs, David (SAIC) / Apr 10, 2007 9:42 am / .doc
Ari Kermaier / Apr 12, 2007 11:14 am
Subject: RE: [security-services] Re: Attribute Sharing Profile for X.509 Authentication-Based Systems (Draft-12)
From: Ari Kermaier (ari.@oracle.com)
Date: Mar 29, 2007 9:27:25 am
List: org.oasis-open.lists.security-services

That looks good to me -- Tom? ::Ari

-----Original Message-----
From: Scott Cantor [mailto:cant@osu.edu]
Sent: Wednesday, March 28, 2007 12:15 PM
To: 'Tom Scavo'; 'OASIS SSTC'
Subject: RE: [security-services] Re: Attribute Sharing Profile for X.509 Authentication-Based Systems (Draft-12)

I'm still not clear on how best to reword this. Scott, would you mind taking a crack at this? Here's how it stands now:

--------------------- The service provider and identity provider MAY use metadata in support of this deployment profile for locating endpoints, communicating key information, and so on. If SAML V2.0 metadata is used, the <md:AttributeAuthorityDescriptor> element defined by the SAML metadata specification [SAMLMeta] and the query:AttributeQueryDescriptorType complex type defined by the SAML metadata extension specification [SAMLMeta-Ext] SHOULD be used with this deployment profile.

Here's a suggested change:

--------------------- The service provider and identity provider MAY use metadata in support of this deployment profile for locating endpoints, communicating key information, and so on. If SAML V2.0 metadata is used, the identity provider SHOULD use the <md:AttributeAuthorityDescriptor> element defined by the SAML metadata specification [SAMLMeta]. The service provider SHOULD use the query:AttributeQueryDescriptorType complex type defined by the SAML metadata extension specification [SAMLMeta-Ext], or it MAY use the <md:SPSSODescriptor> element defined by the SAML metadata specification [SAMLMeta] if it also offers profile support consistent with that element. Other role types defined in future specifications MAY be used in conjunction with this profile, subject to agreement by the parties.

If you want to leave out the future proofing, let me know and I'll reword it stronger.
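The following is an added example, not part of the thread or of the draft profile, that shows what the suggested wording looks like in concrete SAML V2.0 metadata and how a deployer could check a metadata file against it: the identity provider publishes an <md:AttributeAuthorityDescriptor>, the attribute-requesting service provider publishes a <md:RoleDescriptor> typed as query:AttributeQueryDescriptorType, and a second service provider publishes only an <md:SPSSODescriptor> (the MAY case). The metadata document and entityIDs are constructed for this example; the namespace URIs are those of the SAML V2.0 metadata specification, the metadata extension for query, and XML Schema Instance. The script assumes, as a simplification, that namespace prefixes are bound once for the whole document when it resolves the prefix inside an xsi:type value.

```python
"""Inspect SAML V2.0 metadata for the role descriptors that the proposed
wording says an identity provider and service provider SHOULD or MAY publish.
Added example with constructed sample metadata; not the profile's own code."""
import xml.etree.ElementTree as ET
from io import StringIO

# Namespaces from SAML V2.0 metadata, the metadata extension for query,
# the SAML V2.0 protocol, and XML Schema Instance.
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
QUERY = "urn:oasis:names:tc:SAML:metadata:ext:query"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
SAML2P = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample: one identity provider (attribute authority), one
# service provider that queries for attributes, and one web-SSO-only SP.
SAMPLE_METADATA = f"""<md:EntitiesDescriptor xmlns:md="{MD}" xmlns:query="{QUERY}"
    xmlns:xsi="{XSI}" Name="urn:example:attribute-sharing-federation">
  <md:EntityDescriptor entityID="https://idp.example.org/aa">
    <md:AttributeAuthorityDescriptor protocolSupportEnumeration="{SAML2P}">
      <md:AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
          Location="https://idp.example.org/aa/soap"/>
    </md:AttributeAuthorityDescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/requester">
    <md:RoleDescriptor xsi:type="query:AttributeQueryDescriptorType"
        protocolSupportEnumeration="{SAML2P}"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp2.example.org/websso">
    <md:SPSSODescriptor protocolSupportEnumeration="{SAML2P}">
      <md:AssertionConsumerService index="0"
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="https://sp2.example.org/acs"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def parse_metadata(xml_text):
    """Parse the metadata and also collect the prefix -> namespace bindings,
    which ElementTree otherwise discards.  They are needed to resolve the
    prefix used inside an xsi:type value such as "query:...".  Assumption:
    prefixes are treated as document-global (a simplification)."""
    prefixes, root = {}, None
    events = ET.iterparse(StringIO(xml_text), events=("start-ns", "start"))
    for event, payload in events:
        if event == "start-ns":
            prefix, uri = payload
            prefixes[prefix] = uri
        elif root is None:
            root = payload  # first "start" event is the document element
    return root, prefixes


def xsi_type(elem, prefixes):
    """Return (namespace URI, local name) for an element's xsi:type, or None."""
    value = elem.get(f"{{{XSI}}}type")
    if value is None:
        return None
    prefix, _, local = value.rpartition(":")
    return prefixes.get(prefix), local


def profile_roles(xml_text):
    """Map each entityID to the profile-relevant roles it publishes."""
    root, prefixes = parse_metadata(xml_text)
    result = {}
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        roles = {"attribute_authority": False,
                 "attribute_requester": False,
                 "sp_sso": False}
        if entity.find(f"{{{MD}}}AttributeAuthorityDescriptor") is not None:
            roles["attribute_authority"] = True
        if entity.find(f"{{{MD}}}SPSSODescriptor") is not None:
            roles["sp_sso"] = True
        for rd in entity.findall(f"{{{MD}}}RoleDescriptor"):
            if xsi_type(rd, prefixes) == (QUERY, "AttributeQueryDescriptorType"):
                roles["attribute_requester"] = True
        result[entity.get("entityID")] = roles
    return result


def assess(xml_text):
    """Classify each entity against the SHOULD / MAY wording of the draft."""
    verdicts = {}
    for entity_id, roles in profile_roles(xml_text).items():
        if roles["attribute_authority"]:
            verdicts[entity_id] = "idp-attribute-authority"   # SHOULD
        elif roles["attribute_requester"]:
            verdicts[entity_id] = "sp-attribute-requester"    # SHOULD
        elif roles["sp_sso"]:
            verdicts[entity_id] = "sp-sso-only"               # MAY
        else:
            verdicts[entity_id] = "no-profile-role"
    return verdicts


if __name__ == "__main__":
    for entity_id, verdict in assess(SAMPLE_METADATA).items():
        print(f"{entity_id}: {verdict}")
```

Running the script prints one line per entity; an SP that appears as "sp-sso-only" is the case where the draft text lets the SP rely on <md:SPSSODescriptor> only if its profile support is consistent with that element, which the check cannot verify from metadata alone.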