Hoff
unread,Nov 25, 2009, 7:56:21 AM11/25/09Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Sign in to report message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to A6 (Audit, Assertion, Assessment, and Assurance API) Working Group
While your question may be directed at CTP, I'll suggest that neither
CTP or A6 is about "publishing" the capabilities of a CSP.
Neither are a service registry, although they may need to be aware of
such functionality. The consumer of said intelligence from
a CSP via A6 or CTP may need to directly query the CSP for
capabilities as well as configuration, compensating controls, etc.
Further, *most* (if not all) "anonymous queries" are not welcomed; any
request to a CSP for validation of a sensitive validation, assurance,
audit, etc.
information must be authenticated and authorized, hence the discussion
of SAML and OAuth.
/Hoff
On Nov 25, 3:42 am, Gilad Parann-Nissany <
gi...@parann.net> wrote:
> Sorry if this question is naive.
>
> I was under the impression the main goal was to facilitate "publishing" the
> capabilities of cloud X, and this seems to imply anonymous queries are
> welcome and encouraged.
>
> Where exactly do SAML or OAuth come into the picture? What am I missing
> please?
>
> Regards
> Gilad
> __________________
> Gilad Parann-Nissany
> CEO, Founderhttp://
www.porticor.com/
>
> On Wed, Nov 25, 2009 at 00:14, Joe Stein <
crypt...@gmail.com> wrote:
> > OAuth for programmatic access. This is pretty standard now thanks to
> > mashups and social networking.
>
> > SAML for user federation if a ui emerges
>
> > /*
> > Joe Stein
> >
http://www.linkedin.com/in/charmalloc
> > */
>
> > On Nov 24, 2009, at 2:57 PM, Ramkaran <
ram.ka...@gmail.com> wrote:
>
> > I think riding on a SAML like assertion approach makes sense before
> >> the RESTful conversation.
>
> >> Ramkaran
> >>
ramkaran.rudrava...@sifycorp.com