Subject: Re: [security-services] Groups - sstc-saml-x509-authn-attrib-profile-draft-10-diff.pdf uploaded

Greg Whitehead wrote:

> I guess the question is whether a client that knows nothing about the X.509
> Attribute Sharing Profile NEEDS to distinguish between those three
> endpoints, or would they all work for standard attribute requests?

An alternative way to say this is, does this profile do anything beyond supply constraints that are compatible with, but more specific than, the assumptions of any other query use case? If so, it's an arbitrary decision to even bother defining a SAML profile vs. what I would term a deployment profile that just reflects a certain set of knob-turning that could be defined for any relying party.

Metadata has never been used to fully document all the aspects of an endpoint when it comes to security policy, mechanisms, etc. I don't see how that can be addressed piecemeal by defining a profile for every possible combination.

But the options are pretty clear:

- live with the overlap
- define an extension element and don't use AttributeService
- turn metadata into a complete descriptor language akin to WSDL

-- Scott