[mdx] Small change proposed to draft-young-md-query-saml-07

Cantor, Scott cantor.2 at osu.edu
Sat Nov 4 19:21:33 PDT 2017


The Shibboleth Project team has been discussing a small issue with the MDQ SAML profile draft and the use of the {SHA1} syntax to represent the SourceID during artifact-driven metadata lookup.

It has been noted that technically neither the fixed-length SAML 1 nor SAML 2 artifact types that encourage the use of a SHA-1 hash of the entityID for a SourceID actually require that. The SourceID is technically arbitrary. The receiver of an artifact doesn't have any way in general to know if the SourceID is actually a hash.

To account for this, without introducing a new syntax that existing software in the field would need to support, we're proposing a small addition to the draft where the {SHA1} syntax is described, that accounts for the edge case where it happens to be a more arbitrary value.

With a green field, we would probably just extend the profile, but in the interest of avoiding a lot of churn for an edge case of an edge case (we note that not a single entity in all of EDUGAIN uses a non-hashed SourceID), we think this is the simplest fix.

There's a little bit of timing pressure on this because we're trying to point the Kantara-via-InCommon implementation profile at the MDQ drafts, so if we're going to include this change in the version it references, it would need to be published pretty quickly.

-- Scott


-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: diff.txt
URL: <http://lists.iay.org.uk/pipermail/mdx-iay.org.uk/attachments/20171105/fccee932/attachment.txt>
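
An added illustration of the edge case described in the message above (not part of the original post, the draft, or Shibboleth's code): it extracts the 20-byte SourceID from the fixed-length SAML 1 type 0x0001 and SAML 2 type 0x0004 artifacts and forms the MDQ lookup identifier from it. The entityID, handles and the non-hashed SourceID are constructed sample values, and the lowercase `{sha1}` prefix with hex encoding is assumed to match the identifier syntax the draft describes.

```python
import base64
import hashlib
import hmac

# Constructed sample values, not taken from the message or the draft.
ENTITY_ID = "https://idp.example.org/idp/shibboleth"
HASHED_SOURCE_ID = hashlib.sha1(ENTITY_ID.encode("utf-8")).digest()
ARBITRARY_SOURCE_ID = b"not-a-sha1-digest".ljust(20, b"\0")  # still 20 bytes
HANDLE = bytes(20)  # constructed MessageHandle / AssertionHandle


def build_artifact(type_code: bytes, source_id: bytes, endpoint_index: bytes = b"") -> str:
    """Assemble a base64 artifact for the demo (sample input generator)."""
    return base64.b64encode(type_code + endpoint_index + source_id + HANDLE).decode("ascii")


def parse_source_id(artifact_b64: str) -> bytes:
    """Return the 20-byte SourceID from a fixed-length SAML artifact."""
    raw = base64.b64decode(artifact_b64, validate=True)
    type_code = raw[:2]
    if type_code == b"\x00\x01":    # SAML 1: TypeCode | SourceID | AssertionHandle
        offset, total = 2, 42
    elif type_code == b"\x00\x04":  # SAML 2: TypeCode | EndpointIndex | SourceID | MessageHandle
        offset, total = 4, 44
    else:
        raise ValueError(f"unsupported artifact type 0x{type_code.hex()}")
    if len(raw) != total:
        raise ValueError(f"expected {total} bytes, got {len(raw)}")
    return raw[offset:offset + 20]


def mdq_identifier(source_id: bytes) -> str:
    """Hex-encode the SourceID as-is; the receiver cannot tell whether it is a hash."""
    return "{sha1}" + source_id.hex()


def is_hash_of(source_id: bytes, entity_id: str) -> bool:
    """Only checkable once a candidate entityID is already known."""
    return hmac.compare_digest(source_id, hashlib.sha1(entity_id.encode("utf-8")).digest())


if __name__ == "__main__":
    for sid in (HASHED_SOURCE_ID, ARBITRARY_SOURCE_ID):
        art = build_artifact(b"\x00\x04", sid, endpoint_index=b"\x00\x00")
        parsed = parse_source_id(art)
        print(mdq_identifier(parsed), "hash of sample entityID:", is_hash_of(parsed, ENTITY_ID))
```

Both artifacts yield a syntactically identical `{sha1}` identifier; only the metadata source can say whether the value resolves by hash or as an arbitrary SourceID.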
