[Concordia] meeting notes finally online

George Fletcher gffletch at aol.com
Fri Dec 14 16:45:27 EST 2007


Being a newbie SAMLite... I equated a "claim" to an "attribute" and a 
"set of claims" to an "assertion". Is there any "approved" mapping of 
terminology? or is it all "fuzzy" and "it depends"?

Thanks,
George

Paul Madsen wrote:
> Given the ECP context of this sentence in the minutes, I think Mike has 
> half the gist
>
> It's about using a SAML ECP for IDP selection, in order to enable SSO 
> based on a pseudonym for the user, but with no additional (claimed) 
> attributes flowing along with the identifier.
>
> I expect that the confusion arose because, to me at least, (and perhaps 
> other SAMLilites), a 'claim' is synonymous with an 'assertion', so it 
> read strange to see the equivalent of  'no list of assertions'
>
> paul
>
> Beach, Michael C wrote:
>   
>> Maybe I am not following, but we have many cases, particularly in the
>> defense space where an SP/RP will want only subject identifier and
>> authentication attributes/level/context. The SP/RP has an internal
>> account that is associated with the subject identifier, all
>> authorization logic and authorization data is internal to the SP/RP. The
>> SP/RP only wants to know who are you and what level (or context, or ???)
>> authentication did you use.
>>
>> Mike Beach, CISSP
>> Chief Security Designer
>> Information Security
>> The Boeing Company
>> michael.c.beach at boeing.com
>>
>> -----Original Message-----
>> From: Eve Maler [mailto:Eve.Maler at Sun.COM] 
>> Sent: Friday, December 14, 2007 12:30 PM
>> To: Brett McDowell
>> Cc: community at projectconcordia.org
>> Subject: Re: [Concordia] meeting notes finally online
>>
>> Searching on those notes, I found this:
>>
>> "Mike J. captured this new scenario as "IdP Selection, Auth Attributes
>> but not list of claims"."
>>
>> That's what I was remembering, but now I want to review in light of the
>> great discussion from yesterday.  Britta has sent me her notes and I
>> hope to post them this afternoon or over the weekend.
>>
>>   Eve
>>
>> On Dec 14, 2007, at 12:23 PM, Brett McDowell wrote:
>>
>>> Eve, which scenario was that from?
>>>
>>> On Dec 13, 2007, at 11:58 AM, Eve Maler wrote:
>>>
>>>> Related to this, I had a question about the notes from the last 
>>>> workshop (which I've only read very quickly so far) -- there was 
>>>> something about "authentication attributes without claims" as a 
>>>> scenario, which I can't make heads/tails of...
>>>>
>>>>     Eve
>>>>
>> Eve Maler                                         +1 425 947 4522
>> Principal Engineer                            eve.maler @ sun.com
>> CTO Business Alliances group                Sun Microsystems, Inc.
>>
>> _______________________________________________
>> Community mailing list
>> Community at projectconcordia.org
>> http://lists.projectconcordia.org/mailman/listinfo/community
>>
>> Participating in this discussion list does not grant any intellectual
>> property rights or any commitment by the participants of the content
>> discussed to any organization.

-- 
Chief Architect                   AIM:  gffletch
Identity Services                 Work: george.fletcher at corp.aol.com
AOL LLC                           Home: gffletch at aol.com
Mobile: +1-703-462-3494
Office: +1-703-265-2544           Blog: http://practicalid.blogspot.com



