security-services message

Subject: Re: comments: draft-sstc-saml-metadata-ext-query-02

On 8/28/06, Scott Cantor <cantor.2@osu.edu> wrote:
> > Only the "catch all" is relevant.
> I think they're all relevant because they clearly establish the intent of
> the profile in regards to that attribute. Not to mention that it explicitly
> *says* what the values are for both versions of SAML at the top of the
> profile before it even discusses the roles.
> > As far as I can tell, this passage says the use case I mentioned above
> > is undefined, and moreover, it is not defined elsewhere (in
> > particular, in the metadata extension spec) so it's not at all clear
> > (to me anyways :) what's supposed to be done in the case of V1.x
> > entities.
> There are any number of guidelines to follow for SAML 1.x in the profile,
> and all of them are referenced in aggregate by the extension document
> several times. I don't see why we should repeat the entire profile again.
> If someone can come up with a single possible interpretation for that
> attribute's content that is other than the intended one, I'm all ears.

I suggested this before but I think you missed it:

Any element having a type derived from type md:RoleDescriptorType MUST
include at least one of the URIs urn:oasis:names:tc:SAML:1.0:protocol
or urn:oasis:names:tc:SAML:1.1:protocol in its
protocolSupportEnumeration XML attribute.

This includes not only the predefined role descriptors in [SAMLMeta]
but any extended role descriptor as well (such as the role descriptors
defined in the SAML Metadata Extension for Query Requesters).  So this
one statement covers all such statements in the metadata extension

