OASIS Mailing List Archives

security-services message



Subject: PE67: Absence of elements in metadata


First of all, I totally agree that omitting an element (such as
<md:NameIDFormat>) altogether does *not* imply that none are
supported.  This makes perfect sense.

The problem I'm having is understanding what it means to list some but
not all supported values.  Consider the following example:

An IdP lists attributes A1, A2, and A3 in metadata.  An SP requires A4
to provide access to resource R.  Should the SP issue an expensive
query to the IdP in hopes of obtaining A4 (even though the IdP does
not advertise A4's availability) or should the SP simply deny access
to any request for R that requires a query to this particular IdP?

Tom

