OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: comments re sstc-saml-holder-of-key-browser-sso-draft-05

On Wed, Aug 6, 2008 at 3:12 PM, Tom Scavo <trscavo@gmail.com> wrote:
> - ...Hijacking the Binding attribute like this is
> a bit of a kludge.  Why not define new endpoints just for this
> purpose?  Yes, I know you say (on line 494) that you'd rather not do
> that, but why not?  That seems like the proper approach to me.

Right, I think I see why you chose not to define a new EndpointType.
Basically, SSODescriptorType is not extensible.

> - In the same way an endpoint calls out its support for certain
> NameIDs (with md:NameIDFormat), how does an endpoint call out its
> support of various child elements of ds:KeyInfo? (This would require
> new endpoint definitions, I think, as mentioned above.)

AFAICT, the only way to do this is to define a new extension to
RoleDescriptorType that replaces SSODescriptorType. Yuk.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]