Subject: RE: [security-services] Groups - sstc-saml-MetadataDiscoveryProtocols-2.0-draft-00.pdf uploaded
> How do you know what metadata will be returned?
> I don't. If I did, I wouldn't need to ask for it.

So how does one parse this? How do I know the schema for the metadata returned? How do I get the schemas for the data returned?

> Familiar with HTTP GET? It's a wonderful thing, catch the fever.

Yes, caught the fever and took an aspirin and it's now gone. You seem to be missing the point: you seem to have to talk to the endpoint service to get the metadata, but you may not be able to, so there is a bootstrap issue.

> Are we talking about the metadata spec or the distribution protocol?

The MetadataDiscoveryProtocol, or more like Metadata URL.

Anthony Nadalin | work 512.436.9568 | cell 512.289.4122

Scott Cantor <cantor.2@osu.edu>, 10/14/2003 11:15 PM
To: Anthony Nadalin/Austin/IBM@IBMUS, security-services@lists.oasis-open.org
cc:
Subject: RE: [security-services] Groups - sstc-saml-MetadataDiscoveryProtocols-2.0-draft-00.pdf uploaded

> So you have to get the URL out of band, and then go ask for
> the metadata?

It's fairly critical to identify the parties involved in a federation. So they get identifiers. If those identifiers are URLs that point at metadata, you have a well-known URL to get metadata. That's OOB in a sense, but it's more about the trust, as you note below. I can dynamically retrieve metadata, but then I have to trust it.

> How do you know what metadata will be returned?

I don't. If I did, I wouldn't need to ask for it.

> How do you trust the metadata, is it signed?

Certainly. Metadata signing is really the new trust root in this kind of world, IMHO.

> How do I know how to talk to the metadata URL, that is how do
> I know to use HTTP/S, WS-Security or other security protocols
> ? How is the bootstrap solved?

Familiar with HTTP GET? It's a wonderful thing, catch the fever. If you want to specify other protocols, I guess that's up to you. Personally...

> I don't see that this specification solves anything except
> saying that you can use an out-of-band URL

Are we talking about the metadata spec or the distribution protocol? The purpose of the protocol is to permit a provider to change their operational details, get their metadata signed OOB, and repost the new version at an understood (but relatively dynamic) location so a consumer can pick up those changes on the fly. If you don't think that's useful, we'll agree to disagree.

> This isn't rocket science, or am I missing something?

You tell me.

-- Scott
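The trust model Scott describes (the identifier is a URL, the document at that URL is fetched dynamically, and the out-of-band-distributed signing key, not the URL, is what the consumer trusts) as an added Go example that is not part of this thread or of the SAML specification. It assumes a detached RSA-PSS signature over the document bytes as a stand-in for XML-DSig, and an in-memory `registry` as a stand-in for the HTTP GET; `publish`, `fetchMetadata` and the minimal `EntityDescriptor` struct are hypothetical names.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/xml"
	"errors"
)

// Constructed stand-in for the metadata URL: entityID URL -> published document and its detached signature.
type published struct{ doc, sig []byte }

var registry = map[string]published{}

// Hypothetical minimal view of an EntityDescriptor: only the attribute the trust check needs.
type EntityDescriptor struct{ EntityID string `xml:"entityID,attr"` }

// Provider side: sign the (possibly changed) document and repost it at the well-known URL.
// The public half of priv is what consumers obtained out of band; that is the trust root.
func publish(priv *rsa.PrivateKey, url string, doc []byte) error {
	h := sha256.Sum256(doc)
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
	if err != nil {
		return err
	}
	registry[url] = published{doc, sig}
	return nil
}

// Consumer side: retrieve dynamically, but verify against the pinned key before parsing anything,
// then insist that the document's entityID is the URL it was fetched from.
func fetchMetadata(pinned *rsa.PublicKey, url string) (*EntityDescriptor, error) {
	p, ok := registry[url]
	if !ok {
		return nil, errors.New("no metadata published at " + url)
	}
	h := sha256.Sum256(p.doc)
	if err := rsa.VerifyPSS(pinned, crypto.SHA256, h[:], p.sig, nil); err != nil {
		return nil, errors.New("signature does not verify against the pinned key; metadata rejected")
	}
	var ed EntityDescriptor
	if err := xml.Unmarshal(p.doc, &ed); err != nil {
		return nil, err
	}
	if ed.EntityID != url {
		return nil, errors.New("entityID does not match the URL the metadata was fetched from")
	}
	return &ed, nil
}
```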