security-services message


Subject: Re: comments re sstc-saml-holder-of-key-browser-sso-draft-05


On Wed, Aug 6, 2008 at 3:12 PM, Tom Scavo <trscavo@gmail.com> wrote:
>
> - ...Hijacking the Binding attribute like this is
> a bit of a kludge.  Why not define new endpoints just for this
> purpose?  Yes, I know you say (on line 494) that you'd rather not do
> that, but why not?  That seems like the proper approach to me.

Right, I think I see why you chose not to define a new EndpointType.
Basically, SSODescriptorType is not extensible.

> - In the same way an endpoint calls out its support for certain
> NameIDs (with md:NameIDFormat), how does an endpoint call out its
> support of various child elements of ds:KeyInfo? (This would require
> new endpoint definitions, I think, as mentioned above.)

AFAICT, the only way to do this is to define a new extension to
RoleDescriptorType that replaces SSODescriptorType. Yuk.

Tom

