security-services message

Subject: Re: [security-services] Another possible errata in metadata...


Philpott, Robert wrote:
> Metadata line 272 says “In any such sequence of like endpoints based on 
> this type, the default…”.  It is a bit ambiguous what “of like 
> endpoints” means.  Are two endpoints alike if they are of the same 
> binding type (e.g. SOAP)?  Or are they alike because they are assigned 
> to the same service endpoint.  This actually caused some confusion here 
> (maybe it was just me :-) ).

The meaning was that they're the same "element". e.g. 
AssertionConsumerService.

> What’s the context of “like” in this case? Consider the case of an 
> Assertion Consumer Service with 3 SOAP binding endpoints and 4 POST 
> binding endpoints. Is there just a single endpoint of the seven that can 
> be marked isDefault, or is there a default for SOAP and a default for POST?

One. If the metadata consumer is unhappy with the "default", then it's 
on its own in selecting one or can complain.

> I **think** it means the former, although we had discussions about what 
> if an IDP doesn’t allow outgoing SOAP connections and the SP had chosen 
> one of the SOAP endpoints as the default.  The default setting isn’t of 
> any use and the first POST endpoint in the list would be forced to be 
> the default. But having multiple defaults on a particular service could 
> definitely be confusing as well.

That is correct, there's only one default of a particular element. Elements 
in this design represent a general notion of "protocol profile". Reuse 
of an element for a new profile that is "similar to" an existing one 
(e.g. using SingleSignOnService for ECP) is a choice that has to be made 
when a profile is defined.

> “In any single metadata grouping of endpoints based on 
> IndexedEndpointType, the default…”.  I think this makes it clearer that 
> the grouping applies to all endpoints independent of the “binding type”. 

I'm not sure that's clearer, I'd rather add text that just references 
the element's qualified name as the grouping.

-- Scott
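
Added example, not part of the original message or of the specification: a Python sketch of the reading given in the reply above, where indexed endpoints are grouped by the element's qualified name and each group has exactly one default regardless of binding. The default rule follows the SAML 2.0 Metadata text for IndexedEndpointType (first `isDefault="true"`, else first not marked false, else first element). The `sp.example.org` metadata is constructed, and the fallback in `choose()` (first usable endpoint in document order) is an assumed consumer policy, since the thread leaves that choice to the consumer.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SOAP = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

def _acs(i, binding, default=None):
    d = f' isDefault="{default}"' if default else ""
    return (f'<md:AssertionConsumerService index="{i}" Binding="{binding}" '
            f'Location="https://sp.example.org/acs/{i}"{d}/>')

# Constructed sample: the thread's 3 SOAP + 4 POST ACS endpoints plus a second element kind.
# Index 5 (POST) is also marked true to show it does not create a per-binding default.
SAMPLE = (f'<md:SPSSODescriptor xmlns:md="{MD}">'
          f'<md:ArtifactResolutionService index="0" Binding="{SOAP}" Location="https://sp.example.org/ars"/>'
          + _acs(0, SOAP) + _acs(1, SOAP, "true") + _acs(2, SOAP)
          + "".join(_acs(i, POST, "true" if i == 5 else None) for i in range(3, 7))
          + '</md:SPSSODescriptor>')

def _flag(ep):
    v = ep.get("isDefault")                  # xsd:boolean: true/1 or false/0, or absent
    return None if v is None else v in ("true", "1")

def default_endpoint(group):
    """First isDefault=true, else first not explicitly false, else first element."""
    for want in (lambda f: f is True, lambda f: f is not False):
        for ep in group:
            if want(_flag(ep)):
                return ep
    return group[0]

def defaults_by_element(descriptor):
    groups = defaultdict(list)
    for ep in descriptor:
        if ep.get("index") is not None:      # IndexedEndpointType elements carry @index
            groups[ep.tag].append(ep)        # ep.tag is the qualified name "{ns}local"
    return {tag: default_endpoint(g) for tag, g in groups.items()}

def choose(descriptor, tag, usable_bindings):
    """Assumed consumer policy: the default if usable, else first usable in document order."""
    group = [e for e in descriptor if e.tag == tag and e.get("index") is not None]
    d = default_endpoint(group)
    if d.get("Binding") in usable_bindings:
        return d
    return next((e for e in group if e.get("Binding") in usable_bindings), None)
```

With the sample above, the single AssertionConsumerService default is index 1 (SOAP); a consumer that cannot use SOAP ends up at index 3, the first POST endpoint, not at index 5.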

