Subject: Re: [saml-dev] SAML2 metadata for a SAML1 IdP
On 7/1/07, Scott Cantor <cantor.2@osu.edu> wrote:
>
> The definition of an IdP in core (ignoring the glossary) is anything that
> supports a SAML AuthnRequest. If something supports the moral equivalent,
> then I would say it's an IdP for the purposes of metadata usage.

There's the rub. The IdPs I have in mind don't support SAML protocol messages, they simply issue assertions. The protocols and bindings used to transmit the assertions to SPs are totally outside the SAML specification.

> Nothing breaks based on whether something chooses to reuse an existing
> descriptor, as long as the rest of the rules are followed. Either the
> protocol or Binding strings should prevent anything from breaking existing
> software.

From that point of view, I guess I could get away with using IDPSSODescriptor/SingleSignOnService, even though the words are a bit of a conceptual stretch.

> Or you can take the conservative approach and just define a new
> role. The differences are just cosmetic.

Hey, if I can avoid defining a new role, why not?

Tom