OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Proposed Errata: Adding a Metadata Structures Feature to SAMLConf

This is proposed errata for adding Metadata options to 
SAMLConf. It is a refinement of the straw man of 14Jun05

Note: In order to focus on the central need, and in the 
hopes of improving changes for adoption, I have dropped 
from the proposal the "Metadata Interoperation" feature 
(concerning publication and discovery) that appeared in 
the straw man. 

Also, I had considered detailing each of the appearances
in the specifications (SAMLCore, SAMLBind, SAMLProf) 
which would be elevated to requirements in their respective
operational roles and context. I've shelved that idea, as 
I've found that it would require detailing at least 29 
conditions, in multiple roles and contexts ... not only 
did it quickly become a headache, but the creeping dread 
of maintaining it (in a normative document) stopped me cold. 
Perhaps it would be useful as an implementation guideline
(to save everyone from having to do the same list one-off)? 
Or perhaps "we" think, after all, that it should be included 
in SAMLConf?

- - - - - -

Changes to SAMLConf:

Change to Table 2: Feature Matrix
                     IdP  IdPLite  SP  SPLite  ECP 
Metadata Structures  OPT    OPT   OPT    OPT   N/A

Change to Table 4: SAML Authority and Requester Matrix
                     AuthnAuth  AttribAuth  AuthZDcsnAuth  Requester
Metadata Structures      OPT         OPT          OPT          OPT

New sub-section to Section 3 (Conformance):

3.6 Metadata Structures
Implementations claiming conformance to SAMLv2.0 may declare each operational mode's conformance to SAMLv2.0 Metadata [SAMLMeta]
through election of the 
Metadata Structures option. 

With respect to each operational mode, such conformance entails the following:

* Implementing SAML metadata according to the extensible SAMLv2.0 Metadata format in all cases where an interoperating peer has the
option, as stated in SAMLv2.0 specifications, of depending on the existence of SAMLv2.0 Metadata. Although electing the Metadata
Structures option has the effect of requiring such metadata be available to the interoperating peer, no requirement is established
for a specific method of distribution, publication or resolution.

* Referencing, consuming, and adherence to the SAML metadata, according to [SAMLMeta], of an interoperating peer when the known
metadata relevant to that peer and the particular operation, and the current exchange, has expired or is no longer valid in cache,
provided the metadata is available and is not prohibited by policy or the particular operation and that specific exchange. 

- - - - - -

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]