OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Groups - sstc-saml-x509-authn-attrib-profile-draft-10-diff.pdf uploaded

> Well that's the point, I guess.  Currently, there doesn't seem to be
> any way for an endpoint to call out support for one of the X.509
> profiles and NOT support the Assertion Query/Request Profile.  In that
> sense, EVERY attribute query profile should extend the Assertion
> Query/Request Profile.

Since that profile doesn't actually constrain much of anything, it's not
obvious to me that you don't pretty much have that by definition, assuming
by "extend" you also include "restrict" (as in, MUST sign or MUST encrypt or
MUST use X mechanism to authenticate, MUST use Format Foo etc.)

Otherwise, again, that's what <md:AttributeService> means, and there'd be a
different element needed.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]