saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Question about affiliationOwnerID

Hello,

I'm trying to clarify SSO sequence and  contents of <AuthnRequest>
that use Affiliation.
To begin with Metadata, should I set same value to affiliationOwnerID
of <AffiliationDescriptor> with entityID of <EntityDescriptor> ?

For example, when "http://ServiceProvider.com"; is a member of
affiliation "http://AffiliationA.com";, is following metadata correct?

<md:EntityDescriptor entityID="http://AffiliationA.com";
        validUntil="..." xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
    <!-- QUESTION 1: Is entityID same as affiliationOwnerID? -->
    <md:AffiliationDescriptor affiliationOwnerID="http://AffiliationA.com";>
        <md:AffiliateMember>http://ServiceProvider.com</md:AffiliateMember>
        <md:KeyDescriptor use="signing">
            <ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>...</md:KeyDescriptor>
        <md:KeyDescriptor use="encryption">
            <ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>...</md:KeyDescriptor>
   </md:AffiliationDescriptor>
</md:EntityDescriptor>

Thanks,

-- 
Hideki

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]