OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: use of protocolSupportEnumeration

Suppose an IdP has the following role descriptor in its metadata:

<md:AttributeAuthorityDescriptor
  protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">

I would like to add another role descriptor as follows:

<md:AttributeAuthorityDescriptor
  protocolSupportEnumeration="urn:oasis:names:tc:SAML:profiles:query:attributes:X509-basic">

but the metadata spec isn't clear whether or not the
protocolSupportEnumeration attribute should contain
"urn:oasis:names:tc:SAML:2.0:protocol" in its enumeration.  On the one
hand, the spec says the latter should always be included, but
elsewhere it says two identical role descriptors should not overlap
with respect to protocol support.  Which is the correct interpretation
in this case?

Thanks,
Tom

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]