[mdx] Small change proposed to draft-young-md-query-saml-07

Leif Johansson leifj at sunet.se
Sun Nov 5 00:35:59 PDT 2017


diff -u is a bit more readable...

Sent from my iPhone

> On 5 Nov 2017, at 10:21, Cantor, Scott <cantor.2 at osu.edu> wrote:
> 
> The Shibboleth Project team has been discussing a small issue with the MDQ SAML profile draft and the use of the {SHA1} syntax to represent the SourceID during artifact-driven metadata lookup.
> 
> It has been noted that technically neither the fixed-length SAML 1 nor SAML 2 artifact types that encourage the use of a SHA-1 hash of the entityID for a SourceID actually require that. The SourceID is technically arbitrary. The receiver of an artifact doesn't have any way in general to know if the SourceID is actually a hash.
> 
> To account for this, without introducing a new syntax that existing software in the field would need to support, we're proposing a small addition to the draft where the {SHA1} syntax is described, that accounts for the edge case where it happens to be a more arbitrary value.
> 
> With a green field, we would probably just extend the profile, but in the interest of avoiding a lot of churn for an edge case of an edge case (we note that not a single entity in all of EDUGAIN uses a non-hashed SourceID), we think this is the simplest fix.
> 
> There's a little bit of timing pressure on this because we're trying to point the Kantara-via-InCommon implementation profile at the MDQ drafts so if we're going to include this change in the version it references, it would need to be published pretty quickly.
> 
> -- Scott
> 
> 
> <diff.txt>
> _______________________________________________
> mdx mailing list
> mdx at lists.iay.org.uk
> http://lists.iay.org.uk/listinfo.cgi/mdx-iay.org.uk
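
The artifact-driven lookup discussed in this thread, as an added example (not code from the draft, the Shibboleth Project, or either poster): it decodes a SAML 2.0 type 0x0004 artifact, hex-encodes the 20-byte SourceID into a {sha1}-style identifier, and shows that a non-hashed SourceID produces an identifier that no longer equals the SHA-1 of the entityID. Only the SAML 2 layout is covered; the lowercase prefix spelling, the entityID and both artifacts are constructed assumptions.

```python
import base64
import hashlib
import struct

SHA1_PREFIX = "{sha1}"   # assumed spelling; the thread writes {SHA1}
TYPE_SAML2 = 0x0004      # SAML 2.0 artifact TypeCode
ARTIFACT_LEN = 44        # TypeCode(2) + EndpointIndex(2) + SourceID(20) + MessageHandle(20)


def build_artifact(source_id: bytes, handle: bytes, endpoint_index: int = 0) -> str:
    """Build a type 0x0004 artifact; used here only to construct sample data."""
    if len(source_id) != 20 or len(handle) != 20:
        raise ValueError("SourceID and MessageHandle must be 20 bytes each")
    raw = struct.pack(">HH", TYPE_SAML2, endpoint_index) + source_id + handle
    return base64.b64encode(raw).decode("ascii")


def source_id_from_artifact(artifact_b64: str) -> bytes:
    """Return the raw 20-byte SourceID; nothing in it says whether it is a hash."""
    raw = base64.b64decode(artifact_b64, validate=True)
    if len(raw) != ARTIFACT_LEN:
        raise ValueError("unexpected artifact length")
    type_code, _endpoint_index = struct.unpack(">HH", raw[:4])
    if type_code != TYPE_SAML2:
        raise ValueError("not a SAML 2.0 type 0x0004 artifact")
    return raw[4:24]


def lookup_identifier(artifact_b64: str) -> str:
    """Identifier the artifact receiver sends to the metadata query service."""
    return SHA1_PREFIX + source_id_from_artifact(artifact_b64).hex()


def entity_id_identifier(entity_id: str) -> str:
    """Identifier derived from the entityID itself (the common, hashed case)."""
    return SHA1_PREFIX + hashlib.sha1(entity_id.encode("utf-8")).hexdigest()


# Constructed sample data: one issuer hashes its entityID, one does not.
ENTITY_ID = "https://idp.example.org/idp/shibboleth"
HANDLE = bytes(20)
HASHED_ARTIFACT = build_artifact(hashlib.sha1(ENTITY_ID.encode()).digest(), HANDLE)
OPAQUE_SOURCE_ID = b"not-a-sha1-digest!!!"   # arbitrary 20 bytes, still a valid SourceID
OPAQUE_ARTIFACT = build_artifact(OPAQUE_SOURCE_ID, HANDLE)

if __name__ == "__main__":
    for name, art in (("hashed", HASHED_ARTIFACT), ("opaque", OPAQUE_ARTIFACT)):
        ident = lookup_identifier(art)
        print(name, ident, "matches entityID hash:", ident == entity_id_identifier(ENTITY_ID))
```

A metadata service that indexes entities only by the SHA-1 of their entityID will not resolve the second identifier, which is the edge case the proposed wording addresses.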

