OASIS Mailing List Archives

security-services message



Subject: Re: [security-services] Groups - sstc-saml-x509-authn-attrib-profile-draft-10-diff.pdf uploaded


On 8/29/06, Scott Cantor <cantor.2@osu.edu> wrote:
>
> > We already have such an extension for standalone attribute requesters.
>
> With respect to Ari's statement, if people are using metadata *at an IdP/AA*
> in support of this profile, they're doing something undefined (as Tom says)
> because there's no role defined that could be used apart from
> SPSSODescriptor (and ignoring all the endpoint elements).

So SP metadata (according to this profile) is a MUST?

> The flipside is different. It's likely, and not really "wrong", to use
> existing AA metadata.

While IdP metadata (according to this profile) is a SHOULD?

> > A general-purpose attribute responder can not legally use SAML V2.0
> > metadata to advertise a location endpoint that supports this profile.
>
> That's an interpretation that depends on the "compatibility" of the new
> profile with the base profile. My interpretation is it's a restrictive
> subset that consists of messages legal in the base profile and so it's legal
> to just treat the rest as OOB information, as with all the hundred other
> things not included in metadata.

Okay, that sounds reasonable.

Tom

