OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [security-services] metadata and an ISSUE for 1.1 re: use of"source" and "destinatio n"

If we will define one set of metadata for web sso profiles and a different set of metadata for other uses of saml, then perhaps there could be an argument for using the terms in the metadata.


But I think defining separate metadata for SSO and other metadata for other SAML usage is the wrong approach.  At least at this point, I think we should have one set of standard metadata for SAML. But of course I'm willing to listen to counter-arguments.  So if there is only one set of metadata, then the terms will end up getting used outside the scope of SSO.  Thus my example - when defining an authority's SOAP Binding Service URL it is in the "source site's" metadata. But if I'm just an attribute authority and not supporting Web SSO, the term "source site" doesn't mean anything to me. So where do I define the SOAP Binding Service URL?






          this is quite a different issue altogether and one we should discuss further. One way to approach is to define some kind of

          "generic" notion of meta-data (completely free of binding and profile information). The challenge here is characterizing

          this concept of generic meta-data.


           The generic meta-data would then be specialized by metadata for individual profiles or bindings, which would

           add meta-data specific to those profiles or bindings.  




Any clearer?



               Absolutely !



Perhaps what we need to do is come up with a clear set of goals and non-goals to guide the metadata work item before we go much further.  I'm certainly interested in participating in this (can you tell?).



           I think it is a reasonable activity. The current meta-data profile is quite explicitly titled "Metadata for

           Web Browser Profiles". The primary focus here has been characterizing the data items that need to

           be exchanged between source

           and destination sites. Certainly, it is a very narrow and focussed charter.


          I guess the set of questions for the TC are:

          (a) Do we need a more general meta-data specification?

          (b) What is the charter of this specification?



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC