
security-services message


Subject: FW: [security-services] DDDS RFCs, Liberty and SAML Metadata exchange protocol

Peter Davis sent me a very important clarification. Please see below.

-----Original Message-----
From: Peter C Davis [mailto:peter.davis@neustar.biz]
Sent: Monday, September 22, 2003 7:12 AM
To: jmoreh@sigaba.com
Subject: Re: [security-services] DDDS RFCs, Liberty and SAML Metadata
exchange protocol

One clarification, which I think is useful, esp. w/larger enterprises...

Jahan Moreh wrote:


> Assume a providerID URI of http://sigaba.com/saml/consumer/cs. We can
> have a regular expression and replacement string like:
> Basically, this expression extracts the FQDN (i.e., sigaba.com), which
> is "subexpression" #3. The FQDN is used as the "replacement" string.
> Next, the requestor performs a DNS NAPTR query to the domain
> sigaba.com. It may get back something like this:
> !^.*$!https://sigaba.com/metadata/cs/consumer.xml!
> Basically, the above says "replace your data with
> https://sigaba.com/metadata/cs/consumer.xml". DDDS and NAPTR provide a
> way to tell the requestor if the replacement string is "terminal" or
> not. This is accomplished using a flag (not shown in the examples).

DDDS NAPTR expressions also allow for publishing multiple providerID
metadata locations with a single replacement string in the DNS. For example:

assuming two providerID's:


and the regex:


thus reducing the number of entries in the zone for this purpose (when
carefully thought-out) to one, but allowing essentially unlimited
providerID entities.

(BTW: this mail will bounce to the SSTC mailing list. So, I replied only
to you. Feel free to repost to the mailing list.)

--- peterd
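
The substitution step discussed in this thread, as an added example that is not part of either message: it applies a NAPTR regexp field to a providerID, first with the `!^.*$!...!` record quoted above and then with one constructed record whose `\1` backreference serves several providerIDs. The `example.org` names and the backreference record are constructed, the terminal "U" flag comes from RFC 3404 rather than from the thread, the HTTPS-only check is an assumed requester policy, and Python's `re` stands in for POSIX ERE.

```python
import re
from urllib.parse import urlsplit

# Regexp field quoted in the thread.
PAGE_RECORD = "!^.*$!https://sigaba.com/metadata/cs/consumer.xml!"
# Constructed record: one zone entry covering many providerIDs.
MULTI_RECORD = r"!^https?://example\.org/saml/(.+)$!https://example.org/metadata/\1.xml!"

def parse_regexp_field(field):
    """Split '<delim>ERE<delim>REPL<delim>[i]' into (ere, repl, ignore_case)."""
    if len(field) < 3:
        raise ValueError("malformed NAPTR regexp field")
    parts = field[1:].split(field[0])  # simplification: no escaped delimiters
    if len(parts) != 3 or parts[2] not in ("", "i"):
        raise ValueError("malformed NAPTR regexp field")
    return parts[0], parts[1], parts[2] == "i"

def apply_substitution(field, key):
    """Return the replacement with \\1..\\9 filled in, or None if no match."""
    ere, repl, icase = parse_regexp_field(field)
    m = re.search(ere, key, re.IGNORECASE if icase else 0)
    if m is None:
        return None

    def backref(b):
        n = int(b.group(1))
        if n > m.re.groups:
            raise ValueError("backreference to a group the ERE does not define")
        return m.group(n) or ""

    return re.sub(r"\\([1-9])", backref, repl)

def metadata_url(provider_id, records):
    """records: (flags, regexp) tuples already sorted by order/preference."""
    for flags, regexp in records:
        url = apply_substitution(regexp, provider_id)
        if url is None:
            continue  # this record does not apply to the providerID
        if flags.upper() != "U":
            raise ValueError("non-terminal record: another DDDS lookup is needed")
        parts = urlsplit(url)
        # Assumed policy: the DNS answer only points at metadata, so insist on
        # an HTTPS location whose server certificate can be verified.
        if parts.scheme != "https" or not parts.hostname:
            raise ValueError("refusing non-HTTPS metadata location: " + url)
        return url
    return None
```
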
