[mdx] new document: SAML Profile for the Metadata Query Protocol

Cantor, Scott cantor.2 at osu.edu
Thu Oct 24 18:21:11 PDT 2013


On 10/17/13, 10:56 AM, "Ian Young" <ian at iay.org.uk> wrote:
>
>* I've made it clear that this is a profile restricted to SAML entities
>using SAML metadata. If there is a need for other related profiles in the
>distant future (SAML entities using non-SAML metadata, non-SAML entities
>using SAML metadata) then we can write new profiles when we need them.

After a detailed read, I'm still not sure I see a good reason to constrain
this to SAML entities. The only thing really specific to SAML is the
artifact/SHA-1 part, but that doesn't seem like a dominant portion. It
could maybe be moved into a subsection or toward the end if that helps
de-emphasize it.

>* The Security Considerations is now much more specific about the
>integrity mechanism to use. I think there probably ought to be a
>reference to SAML2MetaIOP as part of that; suggestions welcome as to
>exactly how to phrase that.

I don't know, I'm not sure it adds anything really. IOP is pretty
specifically vague about distribution, so it seems orthogonal to this (in
that they compose naturally but without imposing constraints on each
other, really). What were you thinking the reference would serve?

-- Scott




