[mdx] TLS on the metadata query server

Cantor, Scott cantor.2 at osu.edu
Sun Sep 7 12:45:26 PDT 2014


On 9/6/14, 2:04 PM, "Tom Scavo" <trscavo at gmail.com> wrote:
>
>AFAICT, the SAML profile of the MDQ Protocol spec doesn't have
>anything to say about server authentication. Should it?

I don't think I'd base any conclusions now on the old SAML text. If that
text didn't just come from the source material verbatim, it was probably
created based on a pretty naive understanding of what people would think
about all of it.

>I've always had mixed feelings about TLS on the metadata query server.
>In the presence of XML Signature, I think the cost-benefit of TLS is
>not justified, but I know that others have strong opinions in the
>other direction. Does the profile need to take a stand on TLS one way
>or the other?

I think it would be weird to make it a MUST NOT (and I don't think you're
suggesting that), but I also don't think SHOULD is warranted.

-- Scott


