OASIS Mailing List Archives

saml-dev message


Subject: EntitiesDescriptor/@ID value


A question in our community arose, whether a dynamically changing
md:EntitiesDescriptor/@ID value in SAML metadata had any advantages,
esp. security-related ones, where the md:EntitiesDescriptor is signed
and the ID value is used as reference for signing (ds:Reference/@URI).

If doing so provides no real benefit (as some have claimed) a static
value would allow some metadata consumers to match on the ID value for
other, internal purposes.

Though keeping the ID static at all times, even when the document
changes (e.g. <md:EntityDescriptor>s being added or removed or
changed), might also have/cause other issues?

Thanks,
-peter
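
The binding the message describes, where ds:Reference/@URI points at md:EntitiesDescriptor/@ID, can be checked structurally by a metadata consumer. The following is an added example, not part of the original post; the sample documents and the function names are constructed, and digest and signature values are not verified here.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def root_reference_status(xml_text):
    """Return (True, root_id) when the enveloped signature's only
    ds:Reference targets the root md:EntitiesDescriptor by its ID,
    otherwise (False, reason). Structural check only, no crypto."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntitiesDescriptor":
        return False, "root is not md:EntitiesDescriptor"
    root_id = root.get("ID")
    if not root_id:
        return False, "root has no ID"
    # The signature is expected as a direct child of the signed root.
    sigs = root.findall(f"{{{DS}}}Signature")
    if len(sigs) != 1:
        return False, "expected exactly one ds:Signature child"
    refs = sigs[0].findall(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")
    if len(refs) != 1:
        return False, "expected exactly one ds:Reference"
    if refs[0].get("URI") != "#" + root_id:
        return False, "ds:Reference/@URI does not target the root ID"
    # A second element carrying the same ID makes "#ID" ambiguous.
    if sum(1 for e in root.iter() if e.get("ID") == root_id) != 1:
        return False, "ID value is not unique in the document"
    return True, root_id

def sample_metadata(root_id, ref_uri, child_id=None):
    """Constructed sample aggregate; signature contents are omitted."""
    child_attr = f' ID="{child_id}"' if child_id else ""
    return (
        f'<md:EntitiesDescriptor xmlns:md="{MD}" xmlns:ds="{DS}" ID="{root_id}">'
        f'<ds:Signature><ds:SignedInfo><ds:Reference URI="{ref_uri}"/>'
        f'</ds:SignedInfo></ds:Signature>'
        f'<md:EntityDescriptor entityID="https://idp.example.org/idp"{child_attr}/>'
        f'</md:EntitiesDescriptor>'
    )

if __name__ == "__main__":
    cases = {
        "static ID": sample_metadata("federation-metadata", "#federation-metadata"),
        "changing ID": sample_metadata("_20240101T000000Z", "#_20240101T000000Z"),
        "stale reference": sample_metadata("_20240102T000000Z", "#_20240101T000000Z"),
        "duplicate ID": sample_metadata("dup", "#dup", child_id="dup"),
    }
    for name, doc in cases.items():
        print(name, "->", root_reference_status(doc))
```

The check compares the reference against whatever ID the root currently carries, so it passes for a static and for a changing value alike.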
