security-services message



Subject: RE: [security-services] DDDS RFCs, Liberty and SAML Metadata exchange protocol


John -
As Scott already responded, your suggestion is most definitely in harmony
with what is specified in Liberty's metadata discovery protocol. In fact, I
suspect most people are going to use the well-known location mechanism.
However, as Scott indicated, the question is if a providerID (be it an
assertion producer or an assertion consumer) can be specified in such a way
that is resolved to a well known location. I don't think this is a problem,
but will look into it more.

Thanks,
Jahan


----------------
Jahan Moreh
Chief Security Architect
310.286.3070

> -----Original Message-----
> From: Linn, John [mailto:jlinn@rsasecurity.com]
> Sent: Wednesday, September 17, 2003 5:27 AM
> To: 'jmoreh@sigaba.com'; Scott Cantor; Jeff.Hodges@Sun.COM
> Cc: security-services@lists.oasis-open.org
> Subject: RE: [security-services] DDDS RFCs, Liberty and SAML Metadata
> exchange protocol
>
>
> I'd suggest allowing support for the well-known location mechanism as well
> as the DNS-based approach for metadata acquisition, in case there are
> deployment environments where the DNS is under separate administration,
> outside the convenient control of those responsible for SAML deployment.
>
> --jl
>
> -----Original Message-----
> From: Jahan Moreh [mailto:jmoreh@sigaba.com]
> Sent: Tuesday, September 16, 2003 8:28 PM
> To: Scott Cantor; Jeff.Hodges@Sun.COM
> Cc: security-services@lists.oasis-open.org
> Subject: [security-services] DDDS RFCs, Liberty and SAML Metadata
> exchange protocol
>
>
>
> Scott and Jeff -
> I took some time today to read the DDDS RFC set (3401-3405) as well as NAPTR
> RFC (2915). I think I understand these sufficiently to follow Liberty's
> Metadata discovery specifications. It is still useful (though no longer
> critical) to have a conversation with Peter Davis to clear up a few things.
> I am now very much leaning towards proposing that we use DDDS/DNS for
> publishing SAML metadata.
>
>
> Thanks for your guidance,
> Jahan
>
> ----------------
> Jahan Moreh
> Chief Security Architect
> 310.286.3070
>
>
>
> To unsubscribe from this mailing list (and be removed from the roster of the
> OASIS TC), go to
> http://www.oasis-open.org/apps/org/workgroup/security-services/members/leave_workgroup.php.
