[OGSA-AUTHZ] comments re Use of SAML to retrieve Authorization Credentials

Tom Scavo trscavo at gmail.com
Thu Oct 2 16:54:33 CDT 2008


Attached is a comprehensive set of comments re the OGF document "Use
of SAML to retrieve Authorization Credentials" currently under Public
Review.  The attached document
"Comments_OGF_SAMLAttributeExchange.pdf" contains all the issues I've
raised previously plus one new issue (Issue 2b).  The attached
document "Attribute PullProfilev1.4-trs.doc" is a marked up copy of
the source document under Public Review (included here for the first
time).

Overall, the document under Public Review, and the OASIS specification
on which it depends, need a lot of work.  I'm sorry I didn't realize
this earlier, but as I've said, it couldn't be helped.  Much has
happened since the last version of "Use of SAML to retrieve
Authorization Credentials" was published last March.

Related to this, the OASIS "SAML V2.0 Holder-of-Key Assertion Profile"
is progressing through committee at this time.  Another document "SAML
V2.0 Holder-of-Key Assertion Request Profile" has been drafted, but
has not yet been submitted to the OASIS SSTC.  With these two
documents in hand, a new "SAML V2.0 Attribute Self-Query Profile" will
be written, which the SSTC has agreed (in principle) to consider in
due time:

http://wiki.oasis-open.org/security/CfPi2008

I can't predict with any accuracy how long it will take these
documents to wind their way through the OASIS process, but it could be
some number of months before the specs stabilize.

Tom Scavo
NCSA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Comments_OGF_SAMLAttributeExchange.pdf
Type: application/pdf
Size: 34913 bytes
Desc: not available
Url : http://www.ogf.org/pipermail/ogsa-authz-wg/attachments/20081002/2df96ab9/attachment-0001.pdf 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Attribute PullProfilev1.4-trs.doc
Type: application/msword
Size: 166912 bytes
Desc: not available
Url : http://www.ogf.org/pipermail/ogsa-authz-wg/attachments/20081002/2df96ab9/attachment-0001.doc 

