OASIS Mailing List Archives

security-services message


Subject: Re: [security-services] Groups - sstc-saml-x509-authn-attrib-profile-draft-10-diff.pdf uploaded

Greg Whitehead wrote:
> I guess the question is whether a client that knows nothing about the X.509
> Attribute Sharing Profile NEEDS to distinguish between those three
> endpoints, or would they all work for standard attribute requests?

An alternative way to say this is, does this profile do anything beyond 
supply constraints that are compatible with, but more specific than, the 
assumptions of any other query use case?

If so, it's an arbitrary decision to even bother defining a SAML profile 
vs. what I would term a deployment profile that just reflects a certain 
set of knob-turning that could be defined for any relying party.

Metadata has never been used to fully document all the aspects of an 
endpoint when it comes to security policy, mechanisms, etc. I don't see 
how that can be addressed piecemeal by defining a profile for every 
possible combination.

But the options are pretty clear:

- live with the overlap
- define an extension element and don't use AttributeService
- turn metadata into a complete descriptor language akin to WSDL

-- Scott
