OASIS Mailing List Archives

saml-dev message



Subject: Re: [saml-dev] EntitiesDescriptor/@ID value


On 11/14/14, 6:55 PM, "Peter Schober" <peter.schober@univie.ac.at> wrote:

>A question in our community arose, whether a dynamically changing
>md:EntitiesDescriptor/@ID value in SAML metadata had any advantages,
>esp. security-related ones, where the md:EntitiesDescriptor is signed
>and the ID value is used as reference for signing (ds:Reference/@URI).

Nope.

>If doing so provides no real benefit (as some have claimed) a static
>value would allow some metadata consumers to match on the ID value for
>other, internal purposes.

There's certainly no normative meaning attached to it, so I'd be leery of 
anything that wasn't just about the authoring process.

>Though keeping the ID static at all times, even when the document
>changes (e.g. <md:EntityDescriptor>s being added or removed or
>changed), might also have/cause other issues?

Nothing I'm aware of.

-- Scott
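
An added example, not part of the thread and not code from either poster: a structural check a metadata consumer can run before cryptographic verification, confirming that the enveloped signature's single ds:Reference/@URI resolves to the md:EntitiesDescriptor root. The check depends only on the URI matching the root's ID, not on whether that ID is static or regenerated. The function names, sample ID values and entityID are constructed for illustration, and digest and signature verification are out of scope.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def make_metadata(root_id, ref_uri, child_id="child1"):
    """Constructed skeleton of signed metadata (digest and signature values omitted)."""
    return (
        f'<md:EntitiesDescriptor xmlns:md="{MD}" xmlns:ds="{DS}" ID="{root_id}">'
        f'<ds:Signature><ds:SignedInfo><ds:Reference URI="{ref_uri}"/>'
        f'</ds:SignedInfo></ds:Signature>'
        f'<md:EntityDescriptor ID="{child_id}" entityID="https://sp.example.org/sp"/>'
        f'</md:EntitiesDescriptor>'
    )

def reference_covers_root(xml_text):
    """Return (ok, reason) for the enveloped signature's ds:Reference binding."""
    # Use a hardened parser (for example defusedxml) for untrusted metadata.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntitiesDescriptor":
        return False, "unexpected root element"
    # Direct child only: a ds:Signature deeper in the tree signs something else.
    sig = root.find(f"{{{DS}}}Signature")
    if sig is None:
        return False, "root element is not signed"
    refs = sig.findall(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")
    if len(refs) != 1:
        return False, "expected exactly one ds:Reference"
    uri, root_id = refs[0].get("URI"), root.get("ID")
    if uri == "":
        return True, "whole-document reference"
    if not root_id or uri != "#" + root_id:
        return False, "reference does not point at the root element"
    # A same-document reference is ambiguous if the ID value occurs twice.
    if sum(1 for el in root.iter() if el.get("ID") == root_id) != 1:
        return False, "ID value is not unique in the document"
    return True, "reference matches root ID"

if __name__ == "__main__":
    # Static ID, regenerated-looking ID, and a reference aimed at a child element.
    for rid, uri in [("metadata", "#metadata"), ("_a1b2c3", "#_a1b2c3"),
                     ("metadata", "#child1")]:
        print(rid, uri, reference_covers_root(make_metadata(rid, uri)))
```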


