Talk:Security Assertion Markup Language
kiran It would be good if there was an overview of how it works (i.e. the general idea of passing authentication strings back and forth), rather than leaping in with XML code. —The preceding unsigned comment was added by 188.8.131.52 (talk • contribs).
The text should avoid anthropomorphic language. In the summary it says, "SAML does not care..." But SAML is a specification, and does not have "cares". It would be better to say, "SAML is confined to X, and does not specify Y."
Maybe it would be good to move the detailed SAML 1 stuff to its own page? Or if that's too intrusive, at least change the order to show 2.0 first (most prominently) and 1.1 and 1.0 further down the page? --Raboof 08:31, 31 January 2007 (UTC)
- If you can contribute more specifics about how 2.0 differs from 1.x, then that would probably be a better first step. There isn't much discussion about that yet, and I would assume that many of the 1.x concepts and discussion are still relevant for 2.0 -- Bovineone 14:26, 1 February 2007 (UTC)
Updated SAML Topic
A refactored SAML topic is in progress!
184.108.40.206 02:11, 4 February 2007 (UTC)
- Is it really necessary to split it into two pages? They don't seem that different. -- Bovineone 23:15, 14 March 2007 (UTC)
SAML 1.1 and SAML 2.0 are very different, in the details especially. (Moreover, SAML 1.1 and SAML 2.0 are incompatible, on the wire.) So the idea is this:
- The SAML topic is a basic introduction to SAML. Almost no XML (in response to a previous comment). Presentation is as nontechnical as possible. Includes a generic flow that conveys (hopefully) the basic motivation for SAML. The concepts that have persisted across versions of SAML are captured in the introductory SAML topic.
- The SAML 1.1 topic includes details about that version of SAML only, including detailed examples and flows. (It is essentially a minor edit of the existing SAML topic, which was written before SAML 2.0.)
- Likewise, the SAML 2.0 topic also includes many details. SAML 2.0 is significantly different than SAML 1.1.
I don't think it would be wise to include all of this in one topic. First of all, the resulting topic would be about 30 pages long. Second of all, the intermingling of SAML 1.1 code and SAML 2.0 code would just confuse people. It seems better to totally separate the topics. Trscavo 18:02, 17 March 2007 (UTC)
Oh, and the list of references for SAML 1.1 and SAML 2.0 is totally different. Another good reason to separate the two topics. Trscavo 18:12, 17 March 2007 (UTC)
The SAML topic has been updated (in a major way). New SAML 1.1 and SAML 2.0 topics have been created. Trscavo 20:11, 24 March 2007 (UTC)
In what sense is SAML a Cryptography Standard? Besides XML-based standards, the best category I can find is Security software. Can anybody think of other relevant Wikipedia categories?
220.127.116.11 00:29, 5 February 2007 (UTC)
Removed Cryptography Standard designation. Trscavo 00:27, 25 March 2007 (UTC)
Ambiguity: "request at the identity provider"
Where the text currently says "all flows begin with a request at the identity provider," that "at" is a bit ambiguous.
It's not clear whether the text refers to a request from the identity provider (i.e., on its way to a service provider), or to a request to the identity provider (i.e., the flows begin after (ignore) the slightly preceding action of the request's being sent from the service provider).