
Donal K. Fellows wrote:
Karl Czajkowski wrote:
I am still not sure whether Donal is suggesting that JSDL should explicitly call out a use of SAML, or whether he just raises the question of whether SAML would serve as a nice, standardized mechanism for expressing rights management in the open content "slots" in the JSDL document. (A "SAML in JSDL Profile" document could probably serve as a good rallying point for getting interop between different implementors of a future messaging standard that embraces JSDL.)
The profile suggestion sounds a good official way of describing what I was thinking of. :^)
I completely agree with using relevant SAML features for carrying a JSDL document's credibility. I would repeat my comment, also from our experience (sorry for using this argument :-)
On Apr 07, Yuri Demchenko loaded a tape reading:
... I would say that directly using a SAML assertion is too heavy a solution. And actually SAML is used not for Subject identification but for Subject confirmation.
And again repeating:
So, I would like to see the User/Subject section having two elements, UserID/SubjectID and SubjectConfirmationData, that can be extensible and include any type of assertion, e.g. SAML, or simply a cryptovalue.
of which SubjectConfirmation is optional.
Yuri