
security-services message



Subject: RE: [security-services] Re: Attribute Sharing Profile for X.509 Authentication-Based Systems (Draft-12)


> I'm still not clear on how best to reword this.  Scott, would you mind
> taking a crack at this?  Here's how it stands now:
> 
> ---------------------
> The service provider and identity provider MAY use metadata in support
> of this deployment profile for locating endpoints, communicating key
> information, and so on. If SAML V2.0 metadata is used, the
> <md:AttributeAuthorityDescriptor> element defined by the SAML metadata
> specification [SAMLMeta] and the query:AttributeQueryDescriptorType
> complex type defined by the SAML metadata extension specification
> [SAMLMeta-Ext] SHOULD be used with this deployment profile.
> ---------------------

Here's a suggested change:

---------------------
The service provider and identity provider MAY use metadata in support of
this deployment profile for locating endpoints, communicating key
information, and so on. If SAML V2.0 metadata is used, the identity provider
SHOULD use the <md:AttributeAuthorityDescriptor> element defined by the
SAML metadata specification [SAMLMeta]. The service provider SHOULD use the
query:AttributeQueryDescriptorType complex type defined by the SAML metadata
extension specification [SAMLMeta-Ext], or it MAY use the
<md:SPSSODescriptor> element defined by the SAML metadata specification
[SAMLMeta] if it also offers profile support consistent with that element.
Other role types defined in future specifications MAY be used in conjunction
with this profile, subject to agreement by the parties.
---------------------

If you want to leave out the future proofing, let me know and I'll reword it
stronger.

-- Scott
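
The role split in the suggested wording can be checked mechanically against published metadata. The following is an added example, not part of the original message or of any OASIS specification text: the function names, the example.org entities and the sample documents are constructed, and the [SAMLMeta-Ext] namespace URI is stated as an assumption.

```python
import io
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
QUERY = "urn:oasis:names:tc:SAML:metadata:ext:query"  # assumed [SAMLMeta-Ext] namespace
PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"

def published_roles(metadata_xml):
    """Return the profile-relevant role descriptors found in SAML metadata."""
    scope, found = [], set()  # scope: namespace declarations currently in force
    events = ("start-ns", "end-ns", "start")
    for event, item in ET.iterparse(io.BytesIO(metadata_xml.encode()), events):
        if event == "start-ns":
            scope.append(item)  # (prefix, uri)
        elif event == "end-ns":
            scope.pop()
        elif item.tag in (f"{{{MD}}}AttributeAuthorityDescriptor", f"{{{MD}}}SPSSODescriptor"):
            found.add(item.tag.split("}")[1])
        elif item.tag == f"{{{MD}}}RoleDescriptor":
            # xsi:type is a QName: resolve its prefix, never compare the raw string
            prefix, _, local = item.get(f"{{{XSI}}}type", "").rpartition(":")
            uri = next((u for p, u in reversed(scope) if p == prefix), None)
            if (uri, local) == (QUERY, "AttributeQueryDescriptorType"):
                found.add(local)
    return found

def satisfies(party, metadata_xml):
    """party is 'idp' or 'sp'; return the descriptor meeting the suggested text, or None."""
    wanted = {"idp": ["AttributeAuthorityDescriptor"],
              "sp": ["AttributeQueryDescriptorType", "SPSSODescriptor"]}[party]
    found = published_roles(metadata_xml)
    return next((name for name in wanted if name in found), None)

# Constructed sample metadata (example.org entities are placeholders).
IDP = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="https://idp.example.org">
  <md:AttributeAuthorityDescriptor protocolSupportEnumeration="{PROTO}">
    <md:AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
                         Location="https://idp.example.org/attr"/>
  </md:AttributeAuthorityDescriptor>
</md:EntityDescriptor>"""
SP = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="https://sp.example.org">
  <md:RoleDescriptor xmlns:xsi="{XSI}" xmlns:q="{QUERY}"
                     xsi:type="q:AttributeQueryDescriptorType"
                     protocolSupportEnumeration="{PROTO}"/>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(satisfies("idp", IDP), satisfies("sp", SP), satisfies("idp", SP))
```

The sample binds the extension namespace to the prefix `q` rather than `query`, which is why the check resolves the prefix instead of matching the attribute text.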



