Subject: SAML V2.0 Deployment Profiles for X.509 Subjects
I've uploaded a new document set (ODG, ODT, PDF, XSD) entitled SAML V2.0 Deployment Profiles for X.509 Subjects (Draft 01). This new set of documents supersedes the document set entitled SAML V2.0 Profiles for X.509 Subjects (Draft 11), which was previously withdrawn.

The SAML V2.0 Deployment Profiles for X.509 Subjects actually contains three related deployment profiles:

1. X.509 SAML Subject Deployment Profile
2. SAML Attribute Query Deployment Profile for X.509 Subjects
3. SAML Attribute Self-Query Deployment Profile for X.509 Subjects

The latter is a straightforward, but separate, extension of the Attribute Query Deployment Profile. Both depend on the X.509 SAML Subject Deployment Profile.

Given earlier discussion we've had regarding similar profiles based on X.509 authentication, there are at least two portions of the document that require close scrutiny:

- The X.509 SAML Subject Deployment Profile requires that the NameID satisfy RFC 2253.
- The metadata bits in sections 3 and 4 have been substantially rewritten. There are still substantial metadata requirements but the use of newly profiled XML attributes is strictly OPTIONAL.

I've trimmed the Editor and Contributor lists, and started from scratch, but I'm not entirely comfortable with this. The overlap between this deployment profile and the SAML V2.0 Attribute Sharing Profile for X.509 Authentication-Based Systems is substantial, which argues for an expanded contributor list, but then there would be little to distinguish this deployment profile from earlier work. Suggestions?

Since there's no precedent for so-called deployment profiles, I'm not sure if I've hit or missed the mark. At any rate, your comments are appreciated.

Tom Scavo
NCSA/University of Illinois