[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Groups - sstc-saml-x509-authn-attrib-profile-draft-10-diff.pdf uploaded
On 8/29/06, Scott Cantor <cantor.2@osu.edu> wrote: > > > We already have such an extension for standalone attribute requesters. > > With respect to Ari's statement, if people are using metadata *at an IdP/AA* > in support of this profile, they're doing something undefined (as Tom says) > because there's no role defined that could be used apart from > SPSSODescriptor (and ignoring all the endpoint elements). So SP metadata (according to this profile) is a MUST? > The flipside is different. It's likely, and not really "wrong", to use > existing AA metadata. While IdP metadata (according to this profile) is a SHOULD? > > A general-purpose attribute responder can not legally use SAML V2.0 > > metadata to advertise a location endpoint that supports this profile. > > That's an interpretation that depends on the "compatibility" of the new > profile with the base profile. My interpretation is it's a restrictive > subset that consists of messages legal in the base profile and so it's legal > to just treat the rest as OOB information, as with all the hundred other > things not included in metadata. Okay, that sounds reasonable. Tom
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]