Subject: RE: [security-services] Groups - sstc-saml-MetadataDiscoveryProtocols-2.0-draft-00.pdf uploaded
>The URL *is* the provider's identifier, directly. The Issuer of assertions
>from that provider might be "http://identityprovider.com/saml2" for example.
>You hit that URL, you get the metadata document.
>This isn't rocket science, or am I missing something?

So you have to get the URL out of band, and then go ask for the metadata? How do you know what metadata will be returned? How do you trust the metadata, is it signed? How do I know how to talk to the metadata URL, that is, how do I know to use HTTP/S, WS-Security or other security protocols? How is the bootstrap solved? I don't see that this specification solves anything except saying that you can use an out-of-band URL.

This isn't rocket science, or am I missing something?

Anthony Nadalin