OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [saml-dev] SAML2 metadata for a SAML1 IdP

On 7/1/07, Scott Cantor <cantor.2@osu.edu> wrote:
> The definition of an IdP in core (ignoring the glossary) is anything that
> supports a SAML AuthnRequest. If something supports the moral equivalent,
> then I would say it's an IdP for the purposes of metadata usage.

There's the rub.  The IdPs I have in mind don't support SAML protocol
messages, they simply issue assertions.  The protocols and bindings
used to transmit the assertions to SPs are totally outside the SAML

> Nothing breaks based on whether something chooses to reuse an existing
> descriptor, as long as the rest of the rules are followed. Either the
> protocol or Binding strings should prevent anything from breaking existing
> software.

From that point of view, I guess I could get away with using
IDPSSODescriptor/SingleSignOnService, even though the words are a bit
of a conceptual stretch.

> Or you can take the conservative approach and just define a new
> role. The differences are just cosmetic.

Hey, if I can avoid defining a new role, why not?


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]