[mdx] Small change proposed to draft-young-md-query-saml-07
Cantor, Scott
cantor.2 at osu.edu
Sat Nov 4 19:21:33 PDT 2017
The Shibboleth Project team has been discussing a small issue with the MDQ SAML profile draft and the use of the {SHA1} syntax to represent the SourceID during artifact-driven metadata lookup.
It has been noted that technically neither the fixed-length SAML 1 nor SAML 2 artifact types that encourage the use of a SHA-1 hash of the entityID for a SourceID actually require that. The SourceID is technically arbitrary. The receiver of an artifact doesn't have any way in general to know if the SourceID is actually a hash.
To account for this, without introducing a new syntax that existing software in the field would need to support, we're proposing a small addition to the draft where the {SHA1} syntax is described, that accounts for the edge case where it happens to be a more arbitrary value.
With a green field, we would probably just extend the profile, but in the interest of avoiding a lot of churn for an edge case of an edge case (we note that not a single entity in all of EDUGAIN uses a non-hashed SourceID), we think this is the simplest fix.
There's a little bit of timing pressure on this because we're trying to point the Kantara-via-InCommon implementation profile at the MDQ drafts so if we're going to include this change in the version it references, it would need to be published pretty quickly.
-- Scott
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: diff.txt
URL: <http://lists.iay.org.uk/pipermail/mdx-iay.org.uk/attachments/20171105/fccee932/attachment.txt>
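The ambiguity described in the message, as an added example that is not part of the original post or of any Shibboleth code: an artifact receiver can only hex-encode the 20-byte SourceID of a SAML 2.0 type 0x0004 artifact, so a hashed entityID and an arbitrary SourceID yield identifiers of the same shape. Assumptions: the prefix is written as lowercase `{sha1}` with lowercase hex, the function names are hypothetical, and the entityID, handle and SourceID values are constructed.

```python
import base64
import hashlib
import struct

SHA1_PREFIX = "{sha1}"  # assumption: lowercase prefix followed by lowercase hex

def mdq_id_from_entity_id(entity_id: str) -> str:
    """Identifier computed by a requester that knows the entityID."""
    return SHA1_PREFIX + hashlib.sha1(entity_id.encode("utf-8")).hexdigest()

def source_id_from_saml2_artifact(artifact_b64: str) -> bytes:
    """Extract the 20-byte SourceID from a SAML 2.0 type 0x0004 artifact."""
    try:
        raw = base64.b64decode(artifact_b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("artifact is not valid base64") from exc
    # TypeCode(2) + EndpointIndex(2) + SourceID(20) + MessageHandle(20)
    if len(raw) != 44:
        raise ValueError(f"expected 44 bytes, got {len(raw)}")
    type_code, _endpoint_index = struct.unpack(">HH", raw[:4])
    if type_code != 0x0004:
        raise ValueError(f"unsupported artifact type {type_code:#06x}")
    return raw[4:24]

def mdq_id_from_artifact(artifact_b64: str) -> str:
    """Identifier an artifact receiver can form: hex of SourceID, hash or not."""
    return SHA1_PREFIX + source_id_from_saml2_artifact(artifact_b64).hex()

def build_artifact(source_id: bytes, handle: bytes, endpoint_index: int = 0) -> str:
    """Constructed-input helper: assemble a type 0x0004 artifact."""
    if len(source_id) != 20 or len(handle) != 20:
        raise ValueError("SourceID and MessageHandle must be 20 bytes each")
    body = struct.pack(">HH", 0x0004, endpoint_index) + source_id + handle
    return base64.b64encode(body).decode("ascii")

if __name__ == "__main__":
    entity_id = "https://idp.example.org/idp/shibboleth"  # constructed
    handle = bytes(range(20))                              # constructed
    hashed = build_artifact(hashlib.sha1(entity_id.encode()).digest(), handle)
    arbitrary = build_artifact(b"ARBITRARY-SOURCE-ID!", handle)  # not a hash
    # Hashed SourceID: both lookup paths agree on the identifier.
    print(mdq_id_from_artifact(hashed) == mdq_id_from_entity_id(entity_id))
    # Arbitrary SourceID: same syntax, but no entityID hashes to it.
    print(mdq_id_from_artifact(arbitrary))
```

A metadata responder can only answer the second lookup if it indexes entities by their declared SourceID as well as by the SHA-1 of the entityID.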