Re: [abfab] Alissa Cooper's Discuss on draft-ietf-abfab-aaa-saml-13: (with DISCUSS and COMMENT)

Leif Johansson, Tue, 05 January 2016 19:42 UTC

>> Regarding Section 4.3.3, do we typically use IETF documents to
>> normatively extend OASIS specs? Wanted to check since we try to keep an
>> eye on this kind of thing when other SDOs extend/alter IETF specs.
> Yes, various folks involved in OASIS SAML work reviewed this.
> I think the last was Scott Cantor, who's secretary of the OASIS
> security services TC that does SAML. I think we're good on that
> and it's just using planned extensibility points.

Scott was very clear that there is very little energy left in the SSTC
so the chance to get stuff done over there was very slight. Hence we
kept it all in the IETF.

Also this is partly about Radius so at least those bits would have
needed to stay as RFCs anyway.

	Cheers Leif