[OGSA-AUTHZ] New version of SAML authorization profile

Mary Thompson mrthompson at lbl.gov
Fri Jun 10 13:35:02 CDT 2005


Von,
   The only discord I see in the document is the part about SAML 1.1 vs 
2.0.  2.0 was finalized in Mar 2005. Are you going to keep this document 
dated Feb 2005 and just ignore the fact that it won't be approved until 
later this summer? Maybe you could change some of the tenses in section
3, e.g. "At the time this document was written, SAML 1.1 was the latest
version" (and we didn't want to wait for SAML 2.0).

Mary

Von Welch wrote:

> I've uploaded a new version of the SAML authorization profile (dated
> today, June 8th, urls below). This version has a number of corrections
> in that the previous version of the document had contradictions
> between sections or underspecification in places. I've confirmed with
> both the major implementors (Globus and PERMIS) that they both have
> the same interpretations of the ambiguities and captured those in the
> new document. A complete list of changes is appended.
> 
> Given the scope of changes, I propose that the group be given until
> the upcoming GGF to comment. Barring substantial comments at that
> point I propose the document has passed last call and should be
> advanced.
> 
> Von
> 
> Word version (with change tracking):
> https://forge.gridforum.org/docman2/ViewProperties.php?group_id=119&category_id=450&document_content_id=3917
> 
> PDF version:
> https://forge.gridforum.org/docman2/ViewProperties.php?group_id=119&category_id=450&document_content_id=3918
> 
> 
> Changes from January 2005 to current version:
> *	"should" to "SHOULD" in 6.1.2
> *	Removed editor's comment in 6.1.2
> *	Updated WSS-X509 reference.
> *	In Appendix B: Added step about properly URI encoding hash per
> 	RFC 1630.
> *	Updated acknowledgements.
> *	Numerous minor editorial corrections from Tom Scavo.
> *	Table 1: Corrected namespace prefixes to be lowercase.
> *	Clarified second sentence of the second paragraph of 6.1.4.2.
> *	Section 6.1.5: Changed to reflect renaming
> 	of SubjectAttributeReferenceAdvice element.
> *	Table 1: Corrected ogsa-saml namespace to match with what is
> 	in 7.3.
> *	Section 7.3: Removed unused xmlns:soap namespace.
> *	Section 7.3: Corrected xmlns:samlp namespace to match what is
> 	in Table 1.
> *	Section 11: Removed reference to "ADF" since it was undefined
> 	in this document.
> *	Section 10: Updated David Chadwick's contact information.
> *	Section 5.1: Added text clarifying what client should do if
> 	they receive an unsigned response when a signed response was
> 	requested.
> *	Section 6.1.2: Clarified between ConfirmationMethod between
> 	when authentication was done with proxy certificates and end entity
> 	certs.
> *	Section 6.1.4.1: Added note about moving to qualified name in
> 	future version of the document. 

-- 
---------------------------------------------------------------------
Mary R. Thompson				<MRThompson at lbl.gov>
Secure Grid Technologies Group			(510) 486-7408
Lawrence Berkeley National Lab			http://dsd.lbl.gov/~mrt
----------------------------------------------------------------------
