RE: [security-services] Re: comments re sstc-saml-holder-of-key-browser-sso-draft-05

["Scott Cantor" <cantor.2@osu.edu>]

> > - ...Hijacking the Binding attribute like this is
> > a bit of a kludge.  Why not define new endpoints just for this
> > purpose?  Yes, I know you say (on line 494) that you'd rather not do
> > that, but why not?  That seems like the proper approach to me.
> 
> Right, I think I see why you chose not to define a new EndpointType.
> Basically, SSODescriptorType is not extensible.

By what definition?
 
> AFAICT, the only way to do this is to define a new extension to
> RoleDescriptorType that replaces SSODescriptorType. Yuk.

Or you use the Extensions element.

Your choice is to either use this hack, or put the new endpoints in the
Extensions block. Neither is all that wonderful, but that's how
extensibility works in this schema.

-- Scott