[mdx] MDX & expressing communities-of-interest

Thomas Lenggenhager lenggenhager at switch.ch
Tue May 19 02:28:21 PDT 2009


Thanks for your interesting discussions so far. Due to holidays,
I was not able to follow it the last two weeks. While reading the
messages now, I support your conclusions.

To clarify the proposal to use AffiliationDescriptor, and due to the lack
of an AffiliationDescriptor example in the spec, I write down what I
understood it stands for:

You can use an EntityDescriptor with only an AffiliationDescriptor
instead of any other descriptor like RoleDescriptors. In AffiliateMember
it lists all the entityIDs of the affiliates.

What is unclear to me is:
- What entityID would be used for this EntityDescriptor? The same
  value as for affiliationOwnerID or does it not matter at all?
- Why does the metadata spec refer to these entities as 'typically
  service providers' [page 22, line 941]?
  Wouldn't it make as much sense for the IdPs?

Thomas

Scott Cantor wrote:
> Ian Young wrote on 2009-05-18:
>> There are a couple of other variations that could perhaps be added to
>> that list.
> 
> There's still another one, which is a SAML "affiliation", which has metadata
> support already (though not in the sense that we've implemented anything
> based on it).
> 
> I was considering that, though, and then extending the group-based policy
> stuff in the SP to allow for Affiliation membership in addition to just the
> containment model.
> 
> I started to think that affiliations might be a way to get the notion of a
> "self-defined" group into the metadata layer. Today you can't easily create
> RelyingParty settings based on groups that you manage yourself.
> 
> -- Scott

-- 
SWITCH
Serving Swiss Universities
--------------------------
Thomas Lenggenhager
P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 1505  direct +41 44 268 1541
http://www.switch.ch
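
An added example, not part of the original message or of any project's code: a sketch of the affiliation-based group lookup discussed in this thread, reading AffiliateMember entries from an EntityDescriptor that carries only an AffiliationDescriptor. All entityIDs and the function names load_affiliations and groups_for are constructed for illustration, and keying each affiliation by the containing EntityDescriptor's entityID is this example's assumption.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed sample metadata, trimmed; every entityID here is made up.
# Assumption: the document's signature was verified before it reaches this code.
SAMPLE = """\
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:EntityDescriptor entityID="https://example.org/affiliation/library">
    <md:AffiliationDescriptor affiliationOwnerID="https://owner.example.org/entity">
      <md:AffiliateMember>https://sp1.example.org/shibboleth</md:AffiliateMember>
      <md:AffiliateMember>https://sp2.example.org/shibboleth</md:AffiliateMember>
    </md:AffiliationDescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp1.example.org/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def load_affiliations(xml_text):
    """Map each affiliation (keyed by its EntityDescriptor entityID) to owner and members."""
    root = ET.fromstring(xml_text)
    affiliations = {}
    # iter() also matches the root, so a lone EntityDescriptor document works too.
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        desc = entity.find("md:AffiliationDescriptor", NS)
        if desc is None:
            continue  # ordinary IdP/SP entity, not an affiliation
        members = {
            m.text.strip()
            for m in desc.findall("md:AffiliateMember", NS)
            if m.text and m.text.strip()
        }
        if not members:
            raise ValueError("AffiliationDescriptor without any AffiliateMember")
        affiliations[entity.get("entityID")] = {
            "owner": desc.get("affiliationOwnerID"),
            "members": members,
        }
    return affiliations


def groups_for(entity_id, affiliations):
    """Sorted affiliation IDs that list entity_id in AffiliateMember (the owner alone does not count)."""
    return sorted(a for a, info in affiliations.items() if entity_id in info["members"])
```

A policy layer could match the returned affiliation IDs the same way it matches the names of containing EntitiesDescriptor groups.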


