security-services message
Subject: Metadata support for Discovery profile
- From: Paul Madsen <p.madsen@entrust.com>
- To: "SAML SSTC (E-mail)" <security-services@lists.oasis-open.org>
- Date: Wed, 13 Oct 2004 08:40:22 -0400
This issue came up on yesterday's SSTC call. On the call we came to the tentative conclusion that this seemed to be a Catch-22 situation, specifically how would the SP know which IDP descriptor to load in order to determine to which common domain a particular principal should be sent for IDP discovery without already knowing the IDP. I took an action to clarify Tom's intent and priority for this request.

Tom wrote 'This item was not that critical and should not hold back Saml 2.0 in any way' so we can close the issue.

For future consideration, despite the apparent Catch-22 situation, it does appear that such a mechanism could be useful. While it is true that an SP would be unable to immediately load a particular IDP metadata descriptor before actually discovering the IDP, formalizing how the IDP advertises the common domains in which it participates could enable the SP to build a list of potential common domains automatically (by collecting common domain URLs from all IDPs for which it had metadata descriptors). This is compared to building such a list in a piecemeal fashion from out-of-band communications.

Paul
-----------------------------------------------------------------
Paul Madsen
p: 613-270-2632
c: 613-799-2632
Entrust