Other profiles will be required. The only point is to give these profiling specs clear guidelines on how they should approach the problem.
In any case, I get your point about what you want included in the core specification and why. I'll try and draft a proposal for the SAML format over the weekend and present it to the list. -cmort ________________________________________ From: Eran Hammer-Lahav [e...@hueniverse.com] Sent: Thursday, April 01, 2010 9:02 PM To: Brian Eaton Cc: Chuck Mortimore; OAuth WG Subject: Re: [OAUTH-WG] SAML Assertion Flow (was: Draft progress update) This boils down to: if the flow cannot be used without further profile, and it is less than a page long, what’s the value of putting it in the specification, as opposed to a fully specified extension? Or the alternative to provide one fully specified flow using the most common type of assertions (I’m not a SAML expert so I have no clue what that might be), and let others use that as a template. But providing a half baked flow that is short enough to just replicate where needed and cannot be fully implemented by generic libraries doesn’t really offer much. I am not putting a stake in the ground on this but I am doing my job as editor to point out to the authors and users of this spec that as written, the flow is just not actually useful. It has the same value as if I posted it on my blog because to use it, someone will have to write a new spec that profiles it to an interop-capable setup. EHL On 4/1/10 5:16 PM, "Brian Eaton" <bea...@google.com> wrote: On Thu, Apr 1, 2010 at 5:10 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > Are they profiling a half page spec? The spec is 66 pages long. But the widely used pieces are quite a bit shorter. =) _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
