OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] Groups - sstc-saml-x509-authn-attrib-profile-draft-10-diff.pdf uploaded

On 8/29/06, Ari Kermaier <ari.kermaier@oracle.com> wrote:
> Although it would be nicer, I claim that it doesn't really matter that the SP cannot tell from the AttributeAuthorityDescriptor whether this profile is supported. If an IdP has two AttributeService elements, one of which describes an endpoint that supports the profile and the other an endpoint that does not, then there's a problem that a metadata extension could solve. But if there is just one such descriptor -- or if there is out-of-band communication/configuration to help the SP select the correct endpoint -- then there is no problem.

Yes, that's sounds reasonable.

> My point is that if the existing metadata specs _and/or non-metadata configuration_ are sufficient for two providers to negotiate interoperability for this profile, why force them to implement metadata extensions? It's great to make it available, but why change SHOULD to MUST?

Point taken.  I'll rewrite the normative language regarding metadata
to take this into account.

Thanks, Ari.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]