Subject: Re: [saml-dev] use of protocolSupportEnumeration
On 6/14/06, Scott Cantor <cantor.2@osu.edu> wrote:
> Tom Scavo wrote:
> >
> > <md:AttributeAuthorityDescriptor
> > protocolSupportEnumeration="urn:oasis:names:tc:SAML:profiles:query:attributes:X509-basic">
>
> Protocols are not profiles. They're something broader than that.
> Profiles are captured by the endpoint elements themselves, in particular
> roles, in combination with particular bindings.
>
> If something is a SAML 2.0 profile, then the protocol enumeration
> constant is probably just SAML 2.0. If not, it's not.

Well, let me push back just a little bit, because I'm still confused.
Noting the two URIs I quoted earlier,

urn:oasis:names:tc:SAML:profiles:query:attributes:X509-basic
urn:oasis:names:tc:SAML:profiles:query:attributes:X509-encrypted

plus the related URI from [SAMLProf]

urn:oasis:names:tc:SAML:2.0:profiles:query

we have at least three attribute exchange profiles from which to choose
(plus I have a SAML 1.1 attribute exchange profile I'd like to add to
the mix).

1. How does an IdP advertise its support for one or more of these
profiles?

2. How does an SP advertise its support for one or more of these
profiles?

Seems like the latter is particularly important, otherwise an IdP won't
know how to respond to a particular attribute query. Suppose, for
example, an IdP receives an attribute query with an encrypted NameID?
How does it know which of the above three profiles is in effect? There
is nothing in the metadata to help it make this determination, it
seems.

Tom
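The distinction Scott draws in the quoted reply (protocolSupportEnumeration names protocols, while profile support is expressed by endpoint elements and their Binding attributes) can be turned into a metadata lint check. The following is an added example, not code from either poster or from any SAML implementation. The metadata document is constructed for illustration, the entityID and Location URLs are placeholders, and the two SAML 1.x protocol URIs are included as assumed-valid values alongside the SAML 2.0 protocol URI. The check flags a profile URI that appears where a protocol URI belongs (the exact case quoted in the thread) and separately lists each role's endpoints with their bindings, which is where the quoted reply says profile support actually lives.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Protocol URIs that legitimately belong in protocolSupportEnumeration.
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
KNOWN_PROTOCOLS = {
    SAML2_PROTOCOL,
    "urn:oasis:names:tc:SAML:1.0:protocol",  # assumed valid SAML 1.x values
    "urn:oasis:names:tc:SAML:1.1:protocol",
}

# Constructed sample metadata (not from the thread): the AttributeAuthorityDescriptor
# carries a *profile* URI in protocolSupportEnumeration, the IDPSSODescriptor carries
# the SAML 2.0 *protocol* URI. Hostnames and paths are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.org/idp">
  <md:AttributeAuthorityDescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:profiles:query:attributes:X509-basic">
    <md:AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="https://idp.example.org/aa"/>
  </md:AttributeAuthorityDescriptor>
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.org/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def local_name(tag):
    """Strip the {namespace} prefix ElementTree puts on qualified tag names."""
    return tag.split("}")[-1]


def check_protocol_support(xml_text):
    """Return (role, uri, reason) for every protocolSupportEnumeration entry
    that is not a recognised protocol URI."""
    root = ET.fromstring(xml_text)
    findings = []
    for element in root.iter():
        pse = element.get("protocolSupportEnumeration")
        if pse is None:
            continue  # only role descriptors carry this attribute
        role = local_name(element.tag)
        for uri in pse.split():  # the attribute is a whitespace-separated list
            if uri in KNOWN_PROTOCOLS:
                continue
            if ":profiles:" in uri:
                findings.append((role, uri, "profile URI listed as a protocol"))
            else:
                findings.append((role, uri, "unrecognised protocol URI"))
    return findings


def list_endpoints(xml_text):
    """Return (role, endpoint element, binding) for each endpoint child of a role
    descriptor; this is where bindings, and hence profiles, are advertised."""
    root = ET.fromstring(xml_text)
    endpoints = []
    for role in root:
        if role.tag != "{%s}%s" % (MD_NS, local_name(role.tag)):
            continue  # ignore elements outside the metadata namespace
        for child in role:
            binding = child.get("Binding")
            if binding is not None:
                endpoints.append((local_name(role.tag), local_name(child.tag), binding))
    return endpoints


if __name__ == "__main__":
    for role, uri, reason in check_protocol_support(SAMPLE_METADATA):
        print("%s: %s (%s)" % (role, uri, reason))
    for role, endpoint, binding in list_endpoints(SAMPLE_METADATA):
        print("%s/%s -> %s" % (role, endpoint, binding))
```

Run against the sample, the check reports the X509-basic profile URI on the AttributeAuthorityDescriptor and passes the IDPSSODescriptor, while the endpoint listing shows the SOAP-bound AttributeService and the HTTP-Redirect SingleSignOnService, which is the information a relying party would actually consult to decide how a given query or request can be sent.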