Subject: RE: [security-services] DDDS RFCs, Liberty and SAML Metadata exchange protocol
> I'd suggest allowing support for the well-known location
> mechanism as well as the DNS-based approach for metadata
> acquisition, in case there are deployment environments where
> the DNS is under separate administration, outside the
> convenient control of those responsible for SAML deployment.

I assumed Jahan meant exactly that, since Peter's document specs out both. Well-known is obviously pretty trivial to spec.

I think the deeper issue for SSTC to understand is that the reason these lookups work in Liberty is that the entities in the system are all assigned a URI-based identifier as their ProviderID for protocol purposes, and that ID appears in all the messages. I consider it akin to what SAML's Issuer could be, if Issuer is added to Request and Response.

The idea is that ProviderID or Issuer or whatever is the way you tie the SAML message to the underlying credential presented at the transport layer, or used to sign the message or whatever. Metadata (more specifically trust metadata) is the glue.

-- Scott
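The binding Scott describes, resolving a URI-based ProviderID (or Issuer) to trust metadata and then checking that the credential which actually signed the message is one the metadata publishes for that entity, as an added example that is not code from this thread, from Liberty or from any SSTC document. It assumes the well-known-location rule is "dereference the ProviderID URL itself to get the metadata" (the thread does not spell out the rule), stands in for the HTTP fetch with a constructed in-memory dictionary, uses constructed byte strings in place of real DER certificates, and keys the check on the `use` attribute of SAML 2.0 `md:KeyDescriptor` elements. The DNS/DDDS branch of the lookup is not shown.

```python
"""Tie a SAML message's Issuer/ProviderID to its signing credential via trust
metadata fetched from the well-known location.  Added example; the metadata
document and certificates below are constructed, not from any deployment."""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed stand-ins for DER-encoded certificates (not real X.509 data).
CERT_A = b"constructed-idp-signing-cert-A"      # published as a signing key
CERT_ENC = b"constructed-idp-encryption-cert"   # published for encryption only
CERT_B = b"constructed-unrelated-cert-B"        # never published by the IdP


def _b64(der: bytes) -> str:
    return base64.b64encode(der).decode()


# Constructed metadata keyed by ProviderID.  Assumption: a GET on the
# ProviderID URL (the well-known location) would return this document.
CONSTRUCTED_METADATA = {
    "https://idp.example.org/": (
        '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
        'entityID="https://idp.example.org/">'
        "<md:IDPSSODescriptor>"
        '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
        f"<ds:X509Certificate>{_b64(CERT_A)}</ds:X509Certificate>"
        "</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>"
        '<md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>'
        f"<ds:X509Certificate>{_b64(CERT_ENC)}</ds:X509Certificate>"
        "</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>"
        "</md:IDPSSODescriptor>"
        "</md:EntityDescriptor>"
    ),
}


def fetch_well_known(provider_id, fetch=CONSTRUCTED_METADATA.get):
    """Resolve a ProviderID to its metadata document via the well-known location.
    `fetch` is a hypothetical hook standing in for an HTTPS GET of the URL."""
    if not provider_id.startswith("https://"):
        raise ValueError("well-known lookup needs an https ProviderID: %r" % provider_id)
    doc = fetch(provider_id)
    if doc is None:
        raise LookupError("no metadata at well-known location for %r" % provider_id)
    return doc


def signing_key_fingerprints(metadata_xml, expected_entity_id):
    """Return SHA-256 fingerprints of every certificate the entity publishes for
    signing.  A KeyDescriptor with no `use` attribute counts for both signing
    and encryption; use="encryption" must not authenticate a signature."""
    root = ET.fromstring(metadata_xml)
    if root.get("entityID") != expected_entity_id:
        raise ValueError("metadata entityID %r does not match requested ProviderID %r"
                         % (root.get("entityID"), expected_entity_id))
    fingerprints = set()
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            fingerprints.add(hashlib.sha256(der).hexdigest())
    return fingerprints


def bind_issuer_to_signer(message, fetch=CONSTRUCTED_METADATA.get):
    """`message` is a hypothetical dict: 'issuer' is the Issuer/ProviderID URI
    carried in the SAML message, 'signer_cert_der' is the certificate that
    actually signed it (or was presented at the TLS layer).  True only if that
    credential is one the Issuer's trust metadata publishes for signing."""
    metadata = fetch_well_known(message["issuer"], fetch)
    trusted = signing_key_fingerprints(metadata, message["issuer"])
    presented = hashlib.sha256(message["signer_cert_der"]).hexdigest()
    return presented in trusted


if __name__ == "__main__":
    idp = "https://idp.example.org/"
    print(bind_issuer_to_signer({"issuer": idp, "signer_cert_der": CERT_A}))    # True
    print(bind_issuer_to_signer({"issuer": idp, "signer_cert_der": CERT_B}))    # False
    print(bind_issuer_to_signer({"issuer": idp, "signer_cert_der": CERT_ENC}))  # False
```

The check that matters is the last one: a signature is only meaningful if the key that made it is the key the claimed Issuer published for signing. A message that names one Issuer but is signed with a key the metadata does not list for that entity (or lists only for encryption) fails the binding even though the signature itself might verify, and an Issuer with no resolvable metadata cannot be authenticated at all.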