
mace-opensaml-users - Re: SAML for Provisioning

Subject: OpenSAML user discussion

List archive

Re: SAML for Provisioning


  • From: Prasad <>
  • To:
  • Subject: Re: SAML for Provisioning
  • Date: Thu, 29 Sep 2005 17:43:03 -0400

Chad La Joie wrote:

The people who were discussing this might have confused SAML with SPML
(Service Provisioning Markup Language), also by OASIS. While some
applications could use SAML to create accounts (the first time they see someone
come across with a SAML assertion), that's about it. SPML allows for
creation and deletion of accounts, setting, updating, and removing
attributes, and generally querying for an account, much more than what you
could do with SAML.

Chad La Joie 315Q St. Mary's Hall
Project Sentinel 202.687.0124


----- Original Message -----
From: Prasad
<>
Date: Thursday, September 29, 2005 5:09 pm
Subject: SAML for Provisioning


Hi all,

I came across several discussions where people believed that SAML can be used as a tool/protocol for User Provisioning. As far as my knowledge goes, and I am well familiar with SAML 1.X but less with SAML 2.0, I don't think User Provisioning is something that falls in SAML's territory.
Is my understanding correct, or am I missing something? Also, can anyone think of any use cases where SAML (1.1 and 2.0) or Liberty Alliance can be leveraged for doing User Provisioning?

Thanks.
Prasad.





My argument was exactly what Chad pointed out, but I made sure for myself that it was SAML that was being referred to and not SPML.

Well, creating a user account based on a strong SAML assertion (as Tom said) would, up to some extent, be considered "User Provisioning". Agree. But then a user provisioning technology has much more to it than just creating user accounts. So for someone who is looking at a user provisioning solution, is it possible for us to present them with a use case where SAML can be presented as a protocol for doing just that?

Scott's statement about "send only attributes, grant transitory access" being a minority use case makes complete sense to me. So, then it means SAML in its real sense cannot be used as a protocol for doing user provisioning / deprovisioning.

Any more thoughts on this are welcome. Please !

Prasad.
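The point the thread settles on, that SAML gives a service provider at most "create or refresh an account when a valid assertion arrives" and nothing for the rest of the account lifecycle, is shown below in an added example. It is not code from the thread or from OpenSAML (it uses Python's standard library rather than OpenSAML's Java API), the assertion it parses is a constructed sample, and the names parse_assertion, AccountStore, jit_provision and stale_accounts are this example's own. It deliberately skips XML signature verification, which a real SP must do before any of this runs.

```python
"""Just-in-time (JIT) account creation from a SAML 2.0 attribute statement,
and the deprovisioning gap it leaves. Added example, not from the thread or
from OpenSAML."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not from the thread). The XML signature is
# omitted: a real SP verifies the signature and uses a hardened parser such as
# defusedxml on untrusted XML before trusting anything this code reads.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1b2c3" Version="2.0" IssueInstant="2005-09-29T21:00:00Z">
  <saml:Issuer>https://idp.example.edu/idp</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">prasad@example.edu</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2005-09-29T20:55:00Z" NotOnOrAfter="2005-09-29T21:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example.org</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="displayName"><saml:AttributeValue>Prasad</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="eduPersonAffiliation">
      <saml:AttributeValue>member</saml:AttributeValue><saml:AttributeValue>staff</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Reference clock for the sample (inside the assertion's validity window).
NOW = datetime(2005, 9, 29, 21, 0, 0, tzinfo=timezone.utc)
DAY = timedelta(days=1)


def _ts(value):
    """Parse the UTC timestamp form SAML uses, e.g. 2005-09-29T21:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_assertion(xml_text, expected_audience, now):
    """Check Conditions and return {issuer, subject, attributes}; raise ValueError otherwise."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        raise ValueError("not a SAML 2.0 Assertion")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no Conditions")
    # Validity window: NotBefore is inclusive, NotOnOrAfter is exclusive.
    if now < _ts(cond.get("NotBefore")) or now >= _ts(cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise ValueError("assertion not addressed to this SP")
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not name_id.text:
        raise ValueError("assertion has no NameID")
    attributes = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attributes[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return {"issuer": root.findtext("saml:Issuer", namespaces=NS),
            "subject": name_id.text, "attributes": attributes}


class AccountStore:
    """Minimal local account table keyed by the asserted NameID."""

    def __init__(self):
        self.accounts = {}

    def jit_provision(self, info, now):
        """Create the account on first sight, refresh attributes on later sight.
        This is the whole of what a SAML assertion offers toward provisioning."""
        acct = self.accounts.get(info["subject"])
        if acct is None:
            self.accounts[info["subject"]] = {"issuer": info["issuer"],
                                              "attributes": info["attributes"],
                                              "created": now, "last_seen": now}
            return "created"
        # A NameID stays bound to the IdP that first asserted it, so a second
        # IdP asserting the same identifier cannot take over the account.
        if acct["issuer"] != info["issuer"]:
            raise ValueError("NameID already bound to a different issuer")
        acct["attributes"] = info["attributes"]
        acct["last_seen"] = now
        return "updated"

    def stale_accounts(self, now, max_idle):
        """SAML carries no 'delete this user' message, so the SP can only infer
        departure from silence: accounts not seen within max_idle."""
        return sorted(s for s, a in self.accounts.items() if now - a["last_seen"] > max_idle)


if __name__ == "__main__":
    store = AccountStore()
    info = parse_assertion(SAMPLE_ASSERTION, "https://sp.example.org", NOW)
    print(store.jit_provision(info, NOW), info["subject"], info["attributes"])
    print("stale after 60 days:", store.stale_accounts(NOW + 60 * DAY, 30 * DAY))
```

The stale_accounts step is the caveat: nothing in the assertion tells the SP that the user has left, so the SP either ages accounts out heuristically or uses an actual provisioning protocol such as SPML for the delete and attribute-removal operations Chad lists.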



