OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [saml-dev] use of protocolSupportEnumeration

On 6/14/06, Scott Cantor <cantor.2@osu.edu> wrote:
> Tom Scavo wrote:
> >
> > <md:AttributeAuthorityDescriptor
> >  protocolSupportEnumeration="urn:oasis:names:tc:SAML:profiles:query:attributes:X509-basic">
> Protocols are not profiles. They're something broader than that.
> Profiles are captured by the endpoint elements themselves, in particular
> roles, in combination with particular bindings.
> If something is a SAML 2.0 profile, then the protocol enumeration
> constant is probably just SAML 2.0. If not, it's not.

Well, let me push back just a little bit, because I'm still confused.
Noting the two URIs I quoted earlier,


plus the related URI from [SAMLProf]


we have at least three attribute exchange profiles from which to
choose (plus I have a SAML 1.1 attribute exchange profile I'd like to
add to the mix).

1. How does an IdP advertise its support for one or more of these profiles?
2. How does an SP advertise its support for one of more of these profiles?

Seems like the latter is particularly important otherwise an IdP won't
know how to respond to a particular attribute query.

Suppose, for example, an IdP receives an attribute query with an
encrypted NameID?  How does it know which of the above three profiles
is in effect?  There is nothing in the metadata to help it make this
determination, it seems.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]