OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Locating authorities in SAML?

Apologies to Jeff as I don't have a specific proposal to attach to this
at present, but I'd like to clarify whether or not using assertions or
responses to communicate the location of the various authorities in the
SAML model is in-scope or not.

Simon G. raised this in the context of Authn Authorities, and it was
subsequently clarified that the AuthnLocality in the schema referred to
the client, not the authority.

Since Shibboleth desires as much run time flexibility as possible, our
protocol from origin to destination requires that we communicate the
location of the Attribute Authority to be used by the destination site.
This is not, to me, an "application" issue, unless Shibboleth is in fact
a SAML application, rather than a SAML implementation, and this kind of
basic flow of information is out of scope for SAML to address.

If it's in scope, I will propose a change. If it's out of scope, how do
we foresee it being done, and is the information itself not even
appropriate for carriage in the SAML messages (outside of the use of
Advice perhaps, which really shouldn't be the catch-all for Shib or
anyone else, IMHO).

  Scott Cantor               So long, and thanks for all the fish.
  cantor.2@osu.edu                  -- Douglas Adams, 1952-2001
  Office of Info Tech        PGP KeyID   F22E 64BB 7D0D 0907 837E
  The Ohio State Univ        0x779BE2CE  6137 D0BE 1EFA 779B E2CE

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC