[jsdl-wg] my view on "user credentials"

Donal K. Fellows donal.k.fellows at manchester.ac.uk
Wed Mar 30 04:46:13 CST 2005


Karl Czajkowski wrote:
> I don't disagree that user credentials will be important for many
> jobs. However, I disagree that a type and semantics-free
> UserCredential field, as in the current draft, actually helps.

I think I can agree with that (and I like your motivating examples). But
there is a way forward. We can drop the UserCredential element itself
but instead allow a sequence of SAML assertions or assertion references.
This is a clearly defined (if large) standard and so using it would be a
good thing.
   http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security

In particular, the SAML <AssertionIDRef>, <AssertionURIRef>, <Assertion>
and <EncryptedAssertion> elements (of SAML 2.0) seem to cover just about
any use case I could possibly think of *except* hand-authoring the whole
document, but that isn't really something you'd want to do anyway when
working with such things. Instead, the first software agent to handle
the JSDL document would probably set all that up.

If you're trawling the SAML spec, I focussed on saml-core-2.0-os.pdf and
especially on Section 2.

A separate issue is whether the SAML assertions would be best structured
under the User element. Possibly not...

Donal.
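
As an added illustration of the proposal above (not part of the original message or of any JSDL draft), this Python example shows a consumer that accepts only the four SAML 2.0 elements named in the message and rejects an untyped credential field. The wrapper names JobDescription and Credentials, the function classify_credentials and all sample values are assumptions constructed for the example; it classifies the elements and does not verify signatures.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"  # SAML 2.0 assertion namespace

# How each of the four SAML 2.0 elements named in the message carries the credential.
CARRIERS = {
    "AssertionIDRef": "reference-by-id",
    "AssertionURIRef": "reference-by-uri",
    "Assertion": "inline",
    "EncryptedAssertion": "inline-encrypted",
}

# Constructed sample. <JobDescription> and <Credentials> are hypothetical
# wrapper names, not taken from any JSDL draft; element bodies are elided.
SAMPLE = f"""
<JobDescription xmlns:saml="{SAML}">
  <Credentials>
    <saml:AssertionIDRef>_a1b2c3-constructed</saml:AssertionIDRef>
    <saml:AssertionURIRef>https://idp.example.org/assertions/42</saml:AssertionURIRef>
    <saml:Assertion ID="_d4e5f6-constructed" Version="2.0"
                    IssueInstant="2005-03-30T00:00:00Z">
      <saml:Issuer>https://idp.example.org</saml:Issuer>
    </saml:Assertion>
    <saml:EncryptedAssertion/>
  </Credentials>
</JobDescription>
"""

def classify_credentials(xml_text, container="Credentials"):
    """Return [(element, carrier, locator)] for every child of the container.

    A child that is not one of the four SAML elements raises ValueError,
    so an untyped credential blob is rejected instead of being passed along.
    """
    root = ET.fromstring(xml_text)
    holder = root.find(container)
    if holder is None:
        return []
    found = []
    for child in holder:
        # ElementTree spells qualified names as "{namespace}local".
        ns, _, local = child.tag.rpartition("}")
        if ns.lstrip("{") != SAML or local not in CARRIERS:
            raise ValueError(f"untyped credential element: {child.tag}")
        # References carry their target as text; an inline assertion is named by its ID.
        locator = (child.text or "").strip() or child.get("ID")
        found.append((local, CARRIERS[local], locator))
    return found
```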