[WG-IDAssurance] Fwd: [members] Public Review of SAML V2.0 Identity Assurance Profiles Version 1.0 - 15 day review
paulmadsen at rogers.com
Fri Aug 27 08:09:58 EDT 2010
this is the second round of public review for the assurance profile
-------- Original Message --------
Subject: [members] Public Review of SAML V2.0 Identity Assurance
Profiles Version 1.0 - 15 day review
Date: Thu, 26 Aug 2010 22:42:05 -0400
From: Mary McRae <mary.mcrae at oasis-open.org>
To: members at lists.oasis-open.org, tc-announce at lists.oasis-open.org
CC: OASIS TAB <tab at lists.oasis-open.org>, oasis sstc
<security-services at lists.oasis-open.org>
To OASIS members, Public Announce Lists:
The OASIS Security Services TC has recently approved the following specification as a Committee Draft and approved the package for public review:
SAML V2.0 Identity Assurance Profiles Version 1.0
The public review starts today, 26 August 2010, and ends 10 September 2010. This specification was previously submitted for a 60-day public review on 14 April 2010; this 15-day review is limited in scope to changes made from the previous review. All changes are highlighted/indicated in the accompanying change log/noted in the change log contained in the appendix.
This is an open invitation to comment. We strongly encourage feedback from potential users, developers and others, whether OASIS members or not, for the sake of improving the interoperability and quality of OASIS work.
More non-normative information about the specification and the technical committee may be found at the public home page of the TC at:
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security. Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be located via the button marked "Send A Comment" at the top of that page, or directly at:
Submitted comments (for this work as well as other works of that TC) are publicly archived and can be viewed at:
http://lists.oasis-open.org/archives/security-services-comment/. All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members.
The specification document and related files are available here:
The following changes were made since the last public review:
1) Reworked Section 1.1 'Motivation' to be more focussed and concise. Made more explicit the two distinct pieces of the document - 1) a metadata profile for expressing assurance certifications and 2) guidelines for using authncontext to carry assurance
2) Updated the reference in Section 1.5 'Non-normative references' to point to the Kantara Initiative Identity Assurance Framework
3) Significant reworking of Section 2 'AuthnContext Level-of-Assurance Profile', changed title to 'AuthnContext Identity Assurance Guidelines'
Changed section from what had been cast as a normative profile into non-normative guidelines for using authncontext to carry assurance levels.
Replaced schema constructs with prose guidelines for defining LOA class URIs - now found in Section 2.1
4) In Section 3 'Identity Assurance Certification Attribute Profile', added detail to the 'Profile Overview' in Section 3.2 as to how certification information is added to an entities metadata.
5) In Section 3.6 'Example', added detail as to how certification information is added to an entities metadata
6) Removed Section 4.1 'AuthnContext Level-of-Assurance Profile Conformance' as the profile in question was recast as guidelines - obviating the need for conformance
OASIS and the Security Services (SAML) TC welcome your comments.
Mary P McRae
Director, Standards Development
Technical Committee Administrator
OASIS: Advancing open standards for the information society
email: mary.mcrae at oasis-open.org
twitter: @fiberartisan #oasisopen
This email list is used solely by OASIS for official consortium communications.
Opt-out requests may be sent to member-services at oasis-open.org, however, all members are strongly encouraged to maintain a subscription to this list.
-------------- next part --------------
An HTML attachment was scrubbed...
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Attached Message Part
More information about the WG-IDAssurance