RE: [security-services] comments re sstc-saml-holder-of-key-browser-sso-draft-06

["Scott Cantor" <cantor.2@osu.edu>]

> > [line 509] Why is this attribute called "Protocol"?  Isn't "Binding" a
> > more appropriate name for this attribute?  After all, it's value is a
> > binding URI.
> 
> I thought having both Binding and hok:Binding would be seriously
> confusing, particularly to people who don't understand XML well.
> While protocol isn't a perfect fit, I think it's a small evil.  I
> explicitly used the phrase "protocol binding" in the explanatory text
> in hopes that'd help.

hok:HOKBinding?

hok:ProtocolBinding?

hok:ActualBinding?

I don't think this is a big deal. Nor is it a bug in SAML metadata. I
already said that the "non-awkward" way to do this that the spec assumes is
to use the Extensions block. The metadata spec was intentionally designed to
rely on QNames for profile matching, because people wanted that vs. digging
through attributes. Technically a new profile requires a new QName.

It's just an optimization if you overload the existing QName, and if it
doesn't work well, then you don't have to do it.

E.g. <hok:SingleSignOnService>, <hok:AssertionConsumerService>

-- Scott