Subject: RE: [saml-dev] source ID
Global uniqueness might not be required, but it is a good thing, so I don’t recommend using just your “company’s URL” (e.g. http://www.rsasecurity.com).

If your company will have more than one asserting party initiating BAP exchanges, you will need unique SourceIDs, one for each AP. We tend to recommend that the SourceID be created from a SHA-1 hash of the SOAP Binding Service URL at each AP (e.g. https://ap123.rsasecurity.com/SoapBindingService/sbs.jsp) rather than your “company’s URL”. This way, if I stand up a new AP at my company, I can ensure that the SourceIDs will be unique so that partner sites can send their requests back to the correct AP at my company. If a specific relying party will need to receive BAP exchanges from multiple APs at my site, they’ve got to be unique.

Rob Philpott

From: Steve Anderson [mailto:sanderson@opennetwork.com]

Global uniqueness isn't necessarily required. At a minimum, the ID that a company uses to identify itself to a partner must be unique at that partner.

A recommended technique (described in the SAML Bindings and Profiles document) for generating IDs is to generate a SHA-1 hash of the company's URL. The URL is unique for that company, and the resultant hash is as well.
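
The two approaches discussed in this thread, as an added example that is not part of the original messages: a relying party maps each SourceID to one AP's SOAP binding URL, so SourceIDs hashed from per-AP service URLs resolve cleanly, while two APs hashed from the same company URL collide. It assumes the SAML 1.x type 0x0001 artifact layout (2-byte TypeCode, 20-byte SourceID, 20-byte AssertionHandle, base64-encoded); the function names and the second AP URL are constructed for illustration.

```python
import base64
import hashlib
import secrets

TYPE_CODE = b"\x00\x01"  # type 0x0001 artifact: TypeCode | SourceID(20) | AssertionHandle(20)
COMPANY_URL = "http://www.rsasecurity.com"  # from the thread
AP_A = "https://ap123.rsasecurity.com/SoapBindingService/sbs.jsp"  # from the thread
AP_B = "https://ap456.rsasecurity.com/SoapBindingService/sbs.jsp"  # constructed second AP

def source_id(url):
    """20-byte SourceID: SHA-1 of a URL, as recommended in the thread."""
    return hashlib.sha1(url.encode("utf-8")).digest()

def make_artifact(sid, handle=None):
    """Asserting-party side: base64 of TypeCode + SourceID + AssertionHandle."""
    handle = secrets.token_bytes(20) if handle is None else handle
    if len(sid) != 20 or len(handle) != 20:
        raise ValueError("SourceID and AssertionHandle must be 20 bytes each")
    return base64.b64encode(TYPE_CODE + sid + handle).decode("ascii")

def build_registry(ap_urls, id_input=lambda url: url):
    """Relying-party table SourceID -> SOAP binding URL; duplicates are rejected."""
    registry = {}
    for url in ap_urls:
        sid = source_id(id_input(url))
        if sid in registry:
            raise ValueError(f"SourceID collision: {registry[sid]} vs {url}")
        registry[sid] = url
    return registry

def resolve(artifact, registry):
    """Relying-party side: find which AP to send the SOAP request back to."""
    raw = base64.b64decode(artifact, validate=True)
    if len(raw) != 42 or raw[:2] != TYPE_CODE:
        raise ValueError("not a type 0x0001 artifact")
    sid = raw[2:22]
    if sid not in registry:
        raise ValueError("unknown SourceID")
    return registry[sid]

if __name__ == "__main__":
    registry = build_registry([AP_A, AP_B])  # per-AP SourceIDs
    print(resolve(make_artifact(source_id(AP_B)), registry))
    try:  # both APs hashed from the company URL: identical SourceID
        build_registry([AP_A, AP_B], id_input=lambda url: COMPANY_URL)
    except ValueError as exc:
        print(exc)
```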