Subject: RE: [security-services] Interop Test question: Metadata 2.0 EndpointType question
IMHO, "A" is the (only) proper interpretation. The text, "When a role contains an element of this type pertaining to a protocol or profile for which only a single type of message (request or response) is applicable, then the ResponseLocation attribute is unused" is referring to endpoints like the Assertion Consumer Service and the SSO Service which would only ever receive a particular type of message (response or request respectively). It makes no mention of binding - perhaps it should be called out that a response location for a synchronous binding is nonsensical but that really should be clear.

The text below from metadata implies (I think) that ResponseLocation is optional and that if it's not included, the Location should be used for both request and response.

"ResponseLocation [Optional] Optionally specifies a different location to which response messages sent as part of the protocol or profile should be sent. The allowable syntax of this URI depends on the protocol binding."

> -----Original Message-----
> From: Eric Tiffany [mailto:eric.tiffany@ieee-isto.org]
> Sent: Wednesday, September 28, 2005 10:42 AM
> To: SAML
> Subject: [security-services] Interop Test question: Metadata 2.0 EndpointType question
>
> We have a small difference of opinion I'd like to resolve.
>
> The EndpointType (starting line 225 of Metadata spec) provides an optional
> ResponseLocation:
>
>    The ResponseLocation attribute is used to enable different endpoints
>    to be specified for receiving request and response messages associated
>    with a protocol or profile, not as a means of load-balancing or
>    redundancy (multiple elements of this type can be included for this
>    purpose). When a role contains an element of this type pertaining to a
>    protocol or profile for which only a single type of message (request
>    or response) is applicable, then the ResponseLocation attribute is
>    unused.
>
> We have one implementation ("A") that is omitting the ResponseLocation from
> its metadata specification for HTTP-Redirect SLO because the Location
> endpoint can handle both the request and response. Another implementation
> ("B") interprets the text above to mean that the ResponseLocation should
> only be omitted for the SOAP binding, and is requiring that the
> ResponseLocation be specified in metadata for other bindings.
>
> I tend to agree with "A", but wondered if anyone (besides "B") sees a
> potential for confusion in the usage of EndpointType.
>
> ET
> --
> ____________________________________________________
> Eric Tiffany         | eric@projectliberty.org
> Interop Tech Lead    | +1 413-458-3743
> Liberty Alliance     | +1 413-627-1778 mobile
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail. You may a link to this group and all your TCs in OASIS
> at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
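The following is an added example, not part of the thread and not code from either implementation discussed in it. It shows how a metadata consumer could apply interpretation "A": use `ResponseLocation` when present and meaningful, otherwise send responses to `Location`. The function name `resolve_endpoints`, the warning strings, and the sample entity ID and URLs are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
SOAP = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
# Endpoints that only ever receive one message type (named in the reply above).
SINGLE_MESSAGE = {"AssertionConsumerService", "SingleSignOnService"}

# Constructed sample metadata; the entity ID and URLs are placeholders.
SAMPLE = f"""
<md:EntityDescriptor xmlns:md="{MD}" entityID="https://sp.example.org/meta">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="{REDIRECT}"
        Location="https://sp.example.org/slo"/>
    <md:SingleLogoutService Binding="{SOAP}"
        Location="https://sp.example.org/slo-soap"
        ResponseLocation="https://sp.example.org/slo-soap-resp"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def resolve_endpoints(metadata_xml):
    """Return one dict per endpoint with request/response URLs and warnings."""
    results = []
    for el in ET.fromstring(metadata_xml).iter():
        location = el.get("Location")
        # Only metadata-namespace elements carrying a Location are endpoints.
        if not el.tag.startswith("{" + MD + "}") or location is None:
            continue
        name = el.tag.split("}", 1)[1]
        binding = el.get("Binding")
        resp = el.get("ResponseLocation")
        warnings = []
        if resp and name in SINGLE_MESSAGE:
            warnings.append("ResponseLocation unused: single message type")
        if resp and binding == SOAP:
            warnings.append("ResponseLocation ignored: synchronous binding")
        # Interpretation "A": without a usable ResponseLocation,
        # Location receives both requests and responses.
        usable = resp if resp and not warnings else None
        results.append({"service": name, "binding": binding,
                        "request": location, "response": usable or location,
                        "warnings": warnings})
    return results

if __name__ == "__main__":
    for endpoint in resolve_endpoints(SAMPLE):
        print(endpoint)
```

The standard-library parser is used here only because the sample is constructed inline; metadata fetched from a partner should be signature-checked and parsed with a hardened XML parser before endpoint URLs are trusted.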