The Subject-based Profiles for SAML V1.1 Assertions is now open for public review (until 12 Aug 2008). Links to current and past versions of this profile will be found in the official wiki of the OASIS Security Services Technical Committee:
http://wiki.oasis-open.org/security/SamlSubjectProfiles The Subject-based Profiles place constraints upon SAML V1.1 assertions so that they align with SAML V2.0 assertions. It is believed that adherence to the Profiles will ease the transition from SAML V1.1 to SAML V2.0. As far as I know, the SAML assertions produced by today's Globus software adhere to the Subject-based Profiles except on two counts: 1. The NameQualifier XML attribute on the <saml:NameIdentifier> element SHOULD be omitted. 2. Certain deprecated values of the Format XML attribute on the <saml:NameIdentifier> element MUST NOT be used. If you have comments about these or other aspects of the Subject-based Profiles, please submit those comments as indicated in the attached message. By the way, the optional extension described in section 4 of the Subject-based Profiles is implemented in the Globus SAML Library, the version of OpenSAML 1.1 used in the GridShib SAML Tools and GridShib for GT. Moreover, the Library introduces a SAMLSubjectAssertion class that conforms to the Subject-based Profiles, which makes conformance simpler as a practical matter. Tom Scavo NCSA ---------- Forwarded message ---------- From: Mary McRae <[EMAIL PROTECTED]> Date: Fri, Jun 13, 2008 at 9:29 AM Subject: [security-services] Public Review of Subject-based Profiles for SAML V1.1 Assertions To: [EMAIL PROTECTED], [EMAIL PROTECTED] Cc: OASIS SSTC <[EMAIL PROTECTED]> To OASIS members, Public Announce Lists: The OASIS Security Services (SAML) TC has recently approved the following specification as a Committee Draft and approved the package for public review: Subject-based Profiles for SAML V1.1 Assertions The public review starts today, 13 June 2008, and ends 12 August 2008. This is an open invitation to comment. We strongly encourage feedback from potential users, developers and others, whether OASIS members or not, for the sake of improving the interoperability and quality of OASIS work. Please feel free to distribute this announcement within your organization and to other appropriate mail lists. More non-normative information about the specification and the technical committee may be found at the public home page of the TC at http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security. Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be located via the button marked "Send A Comment" at the top of that page, or directly at http://www.oasis-open.org/committees/comments/index.php?wg_abbrev=security. Submitted comments (for this work as well as other works of that TC) are publicly archived and can be viewed at http://lists.oasis-open.org/archives/security-services-comment/. All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. The specification document and related files are available here: Editable Source: http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml1-profiles-assertion-s ubject-cd-01.odt PDF: http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml1-profiles-assertion-s ubject-cd-01.pdf HTML: http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml1-profiles-assertion-s ubject-cd-01.html Schema: http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml1-profiles-assertion-s ubject.xsd OASIS and the Security Services TC welcome your comments. --------------------------------------------------- Mary P McRae Manager of TC Administration, OASIS email: [EMAIL PROTECTED] web: www.oasis-open.org --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. You may a link to this group and all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
