Subject: Proposed Errata: Adding a Metadata Structures Feature to SAMLConf
This is proposed errata for adding Metadata options to SAMLConf. It is a refinement of the straw man of 14Jun05 (<http://lists.oasis-open.org/archives/security-services/200506/msg00102.html>).

Note: In order to focus on the central need, and in the hopes of improving chances for adoption, I have dropped from the proposal the "Metadata Interoperation" feature (concerning publication and discovery) that appeared in the straw man.

Also, I had considered detailing each of the appearances in the specifications (SAMLCore, SAMLBind, SAMLProf) which would be elevated to requirements in their respective operational roles and context. I've shelved that idea, as I've found that it would require detailing at least 29 conditions, in multiple roles and contexts ... not only did it quickly become a headache, but the creeping dread of maintaining it (in a normative document) stopped me cold. Perhaps it would be useful as an implementation guideline (to save everyone from having to do the same list one-off)? Or perhaps "we" think, after all, that it should be included in SAMLConf?

- - - - - -

Changes to SAMLConf:

Change to Table 2: Feature Matrix

  FEATURE               IdP   IdPLite   SP    SPLite   ECP
  Metadata Structures   OPT   OPT       OPT   OPT      N/A

Change to Table 4: SAML Authority and Requester Matrix

  FEATURE               AuthnAuth   AttribAuth   AuthZDcsnAuth   Requester
  Metadata Structures   OPT         OPT          OPT             OPT

New sub-section to Section 3 (Conformance):

3.6 Metadata Structures

Implementations claiming conformance to SAMLv2.0 may declare each operational mode's conformance to SAMLv2.0 Metadata [SAMLMeta] through election of the Metadata Structures option. With respect to each operational mode, such conformance entails the following:

* Implementing SAML metadata according to the extensible SAMLv2.0 Metadata format in all cases where an interoperating peer has the option, as stated in SAMLv2.0 specifications, of depending on the existence of SAMLv2.0 Metadata. Although electing the Metadata Structures option has the effect of requiring that such metadata be available to the interoperating peer, no requirement is established for a specific method of distribution, publication or resolution.

* Referencing, consuming, and adhering to the SAML metadata, according to [SAMLMeta], of an interoperating peer when the known metadata relevant to that peer, the particular operation, and the current exchange has expired or is no longer valid in cache, provided the metadata is available and is not prohibited by policy or by the particular operation and that specific exchange.

- - - - - -
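The second bullet of the proposal turns on knowing when a peer's cached metadata "has expired or is no longer valid in cache". As an added illustration (not part of the message above, and not code from any OASIS deliverable), the following Python applies the two freshness attributes that [SAMLMeta] defines on EntityDescriptor: validUntil, an absolute UTC expiry, and cacheDuration, the maximum time a consumer should keep a copy after obtaining it. The sample EntityDescriptor, its entityID and endpoint, the fetch callable, and the policy of reusing a stale-but-unexpired copy when a refresh is unavailable are all constructed assumptions for this example, not requirements from the proposal.

```python
"""Added example: freshness checks for a cached SAML 2.0 EntityDescriptor.

Uses only the validUntil and cacheDuration attributes defined in [SAMLMeta].
The metadata below is constructed for illustration; the entity and endpoint
are fictitious. The stdlib parser does not expand external entities, but for
metadata from untrusted sources a hardened parser (e.g. defusedxml) is advisable.
"""
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample: an SP descriptor carrying both freshness attributes.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/saml"
    validUntil="2005-07-01T00:00:00Z"
    cacheDuration="PT6H">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/saml/acs" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

_DURATION_RE = re.compile(
    r"^P(?:(?P<d>\d+)D)?"
    r"(?:T(?:(?P<h>\d+)H)?(?:(?P<m>\d+)M)?(?:(?P<s>\d+(?:\.\d+)?)S)?)?$"
)


def utc(year, month, day, hour=0, minute=0):
    """Convenience constructor for timezone-aware UTC instants."""
    return datetime(year, month, day, hour, minute, tzinfo=timezone.utc)


def parse_duration(value):
    """Parse the xs:duration subset seen in cacheDuration (days/hours/minutes/
    seconds). Year and month components have no fixed length and are rejected
    rather than guessed, as are the degenerate forms "P" and "...T"."""
    m = _DURATION_RE.match(value)
    if not m or value == "P" or value.endswith("T"):
        raise ValueError("unsupported duration: %r" % value)
    return timedelta(days=int(m.group("d") or 0), hours=int(m.group("h") or 0),
                     minutes=int(m.group("m") or 0), seconds=float(m.group("s") or 0))


def parse_valid_until(value):
    """validUntil is an xs:dateTime; SAML requires UTC, written with a 'Z'."""
    m = re.match(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.\d+)?Z$", value)
    if not m:
        raise ValueError("validUntil must be a UTC dateTime ending in 'Z': %r" % value)
    return datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def evaluate_cached_metadata(xml_text, fetched_at, now):
    """Return 'usable', 'stale' or 'expired' for a cached EntityDescriptor.
    fetched_at is when this copy was obtained; both instants are UTC-aware."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD_NS or not root.get("entityID"):
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    valid_until = root.get("validUntil")
    if valid_until is not None and now >= parse_valid_until(valid_until):
        return "expired"  # absolute bound: the copy must not be relied on
    cache_duration = root.get("cacheDuration")
    if cache_duration is not None and now >= fetched_at + parse_duration(cache_duration):
        return "stale"    # relative bound: refresh before further use
    return "usable"


def resolve_peer_metadata(cached, fetched_at, now, fetch):
    """Return (xml_text, status) for the metadata to use for a peer.
    `fetch` is a caller-supplied callable (the proposal fixes no distribution
    method) that returns fresh metadata text, or None if none is available."""
    status = evaluate_cached_metadata(cached, fetched_at, now)
    if status == "usable":
        return cached, status
    fresh = fetch()
    if fresh is not None:
        # A fresh copy is cached as of `now` and must pass the same checks.
        return fresh, evaluate_cached_metadata(fresh, now, now)
    # Assumed policy (not from the proposal): a stale but unexpired copy may
    # be reused until a refresh succeeds; an expired copy must not be used.
    return (cached, status) if status == "stale" else (None, status)


if __name__ == "__main__":
    fetched = utc(2005, 6, 15)
    for hours in (3, 7, 24 * 20):
        print(hours, "h after fetch:",
              evaluate_cached_metadata(SAMPLE_METADATA, fetched, fetched + timedelta(hours=hours)))
```

The ordering matters: validUntil is checked before cacheDuration because an expired descriptor is unusable regardless of how recently it was fetched, whereas a copy past its cacheDuration is merely due for refresh. Real deployments also verify the XML signature on the metadata before trusting either attribute; that step is outside this example.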