[OGSA-AUTHZ] New version of SAML authorization profile
Von Welch
vwelch at ncsa.uiuc.edu
Sun Jun 12 11:17:47 CDT 2005
Mary,
I like your suggestion and will plan on incorporating it.
Von
Mary Thompson writes (11:35 June 10, 2005):
> Von,
> The only discord I see in the document is the part about SAML 1.1 vs
> 2.0. 2.0 was finalized in Mar 2005. Are you going to keep this document
> dated Feb 2005 and just ignore the fact that it won't be approved until
> later this summer? Maybe you could change some of the tenses in section
> 3. e.g. At the time this document was written, SAML 1.1 was the latest
> version. (and we didn't want to wait for SAML 2.0).
>
> Mary
>
> Von Welch wrote:
>
> > I've uploaded a new version of the SAML authorization profile (dated
> > today, June 8th, urls below). This version has a number of corrections
> > in that the previous version of the document had contradictions
> > between sections or underspecification in places. I've confirmed with
> > both the major implementors (Globus and PERMIS) that they both have
> > the same interpretations of the ambiguities and captured those in the
> > new document. A complete list of changes is appended.
> >
> > Given the scope of changes, I propose that the group be given until
> > the upcoming GGF to comment. Barring substantial comments at that
> > point I propose the document has passed last call and should be
> > advanced.
> >
> > Von
> >
> > Word version (with change tracking):
> > https://forge.gridforum.org/docman2/ViewProperties.php?group_id=119&category_id=450&document_content_id=3917
> >
> > PDF version:
> > https://forge.gridforum.org/docman2/ViewProperties.php?group_id=119&category_id=450&document_content_id=3918
> >
> >
> > Changes from January 2005 to current version:
> > * "should" to "SHOULD" in 6.1.2
> > * Removed editor's comment in 6.1.2
> > * Updated WSS-X509 reference.
> > * In Appendix B: Added step about properly URI encoding hash per
> > RFC 1630.
> > * Updated acknowledgements.
> > * Numerous minor editorial corrections from Tom Scavo.
> > * Table 1: Corrected namespace prefixes to be lowercase.
> > * Clarified second sentence of the second paragraph of 6.1.4.2.
> > * Section 6.1.5: Changed to reflect renaming
> > of SubjectAttributeReferenceAdvice element.
> > * Table 1: Corrected ogsa-saml namespace to match with what is
> > in 7.3.
> > * Section 7.3: Removed unused xmlns:soap namespace.
> > * Section 7.3: Corrected xmlns:samlp namespace to match what is
> > in Table 1.
> > * Section 11: Removed reference to "ADF" since it was undefined
> > in this document.
> > * Section 10: Updated David Chadwick's contact information.
> > * Section 5.1: Added text clarifying what client should do if
> > they receive an unsigned response when a signed response was
> > requested.
> > * Section 6.1.2: Clarified between ConfirmationMethod between
> > when authentication was done with proxy certificates and end entity
> > certs.
> > * Section 6.1.4.1: Added note about moving to qualified name in
> > future version of the document.
>
> --
> ---------------------------------------------------------------------
> Mary R. Thompson <MRThompson at lbl.gov>
> Secure Grid Technologies Group (510) 486-7408
> Lawrence Berkeley National Lab http://dsd.lbl.gov/~mrt
> ----------------------------------------------------------------------