OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: PE25 SAML Metadata Feature in SAMLConf - Updated "two options" Proposal

In hopes of bringing the proposal in accordance with the 
30Aug05 discussion:

Proposed Errata PE25:

Document: Conformance 

Description: Conformance document does not specify any 
requirements with respect to metadata. It is suggested that 
the conformance document be updated as follows. 
 

Change to Table 2: Feature Matrix

                         IdP    IdPLite   SP   SPLite   ECP
FEATURE
Metadata Structures      OPT      OPT    OPT    OPT     N/A  
Metadata Interoperation  OPT      OPT    OPT    OPT     N/A


Change to Table 4: SAML Authority and Requester Matrix

                       AuthnAuth AttribAuth AuthZDcsnAuth Requester
FEATURE
Metadata Structures      OPT        OPT          OPT          OPT
Metadata Interoperation  OPT        OPT          OPT          OPT


New sub-sections to Section 3 (Conformance):


3.6 Metadata Structures 
Implementations claiming conformance to SAMLv2.0 may declare each 
operational mode's conformance to SAMLv2.0 Metadata [SAMLMeta] 
through election of the Metadata Structures option.

With respect to each operational mode, such conformance entails 
the following:

* Implementing SAML metadata according to the extensible SAMLv2.0 
Metadata format in all cases where an interoperating peer has the 
option, as stated in SAMLv2.0 specifications, of depending on the 
existence of SAMLv2.0 Metadata. Electing the Metadata Structures 
option has the effect of requiring such metadata be available to 
the interoperating peer. The Metadata Interoperation feature, 
described below, provides a means of satisfying this requirement.

* Referencing, consuming, and adherence to the SAML metadata, 
according to [SAMLMeta], of an interoperating peer when the known 
metadata relevant to that peer and the particular operation, and 
the current exchange, has expired or is no longer valid in cache, 
provided the metadata is available and is not prohibited by policy 
or the particular operation and that specific exchange.


3.7 Metadata Interoperation 
Election of the Metadata Interoperation option requires the 
implementation offer, in addition to any other mechanism, the 
well-known location publication and resolution mechanism described 
in SAML metadata [SAMLMeta].

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]