[dix] attribute assertions

On 13-Jan-06, at 1:56 PM, Hallam-Baker, Phillip wrote:


Our thinking is that DIX provides a mechanism for moving
attribute assertions... those assertions could be about
authentication or about attribute values... and they could be
presented as plain text, or as XML, or as SAML, or whatever
the endpoints agree to exchange.

SAML is an XML format for describing attribute assertions.

The reason I think you need to think about SAML rather than plain text
is that in most of the cases that are interesting you are likely to be
dealing with assertions from more than just the authentication provider,
even though they might be distributed by the authentication provider.

SAML is one way to make a digital assertion. Supporting SAML would be A Good Thing.


There are also lighter weight ways of making verifiable assertions that don't have the overhead, complexity and potential uncertainty of SAML. There are also IP issues there.


For example I might have an account hallam at gmail.com, I might log onto your blog and you might want to know what my Slashdot Karma is.

I think that the missing piece here is the identifier. Once you have a
common agreement on an identifier the other pieces fall into place.

Agreed

_______________________________________________
dix mailing list
dix at ietf.org
https://www1.ietf.org/mailman/listinfo/dix




Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.