OASIS Mailing List Archives

security-services message



Subject: Re: [security-services] Comments: sstc-saml1x-metadata-cd-01


On 6/28/06, Tom Scavo <trscavo@gmail.com> wrote:
> On 6/27/06, Scott Cantor <cantor.2@osu.edu> wrote:
> > >
> > > [line 111] Why is <md:AffiliationDescriptor> precluded?
> >
> > It has zero meaning in SAML 1.1.
>
> I don't see why, but okay.

More importantly, any element having a type derived from
md:RoleDescriptorType is precluded.  This is an oversight, I think.
How about inserting the following text into the spec?

--------------------
Any element having a type derived from type md:RoleDescriptorType MUST
include at least one of the URIs urn:oasis:names:tc:SAML:1.0:protocol
or urn:oasis:names:tc:SAML:1.1:protocol in its
protocolSupportEnumeration XML attribute.
--------------------

This includes not only the predefined role descriptors in [SAMLMeta]
but any extended role descriptor as well (such as the role descriptors
defined in the SAML Metadata Extension for Query Requesters).

Tom
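
The rule proposed in the message above can be checked mechanically over a metadata file. The following is an added example, not part of the original message or of any specification: the function name `roles_missing_saml1` and the sample metadata are constructed for illustration, and role descriptors are recognized by element name only (extended roles as `md:RoleDescriptor` with an `xsi:type`), since no schema-aware type lookup is done.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML1_PROTOCOLS = {
    "urn:oasis:names:tc:SAML:1.0:protocol",
    "urn:oasis:names:tc:SAML:1.1:protocol",
}
# Predefined role descriptors from [SAMLMeta]; an extended role shows up as
# md:RoleDescriptor carrying xsi:type (assumption: no schema type resolution).
ROLE_ELEMENTS = {f"{{{MD}}}{name}" for name in (
    "RoleDescriptor", "IDPSSODescriptor", "SPSSODescriptor",
    "AuthnAuthorityDescriptor", "AttributeAuthorityDescriptor", "PDPDescriptor",
)}

# Constructed sample, trimmed to the attributes under test (not schema-valid).
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:query="urn:oasis:names:tc:SAML:metadata:ext:query">
  <md:EntityDescriptor entityID="https://idp.example.org">
    <md:IDPSSODescriptor protocolSupportEnumeration=
      "urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org">
    <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://query.example.org">
    <md:RoleDescriptor xsi:type="query:AttributeQueryDescriptorType"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def roles_missing_saml1(metadata_xml):
    """Return (entityID, role element) pairs that list neither SAML 1.x URI."""
    # For metadata fetched from a peer, parse with a hardened parser instead.
    root = ET.fromstring(metadata_xml)
    failures = []
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        for role in entity:
            if role.tag not in ROLE_ELEMENTS:
                continue
            # protocolSupportEnumeration is a whitespace-separated URI list.
            supported = set(role.get("protocolSupportEnumeration", "").split())
            if not supported & SAML1_PROTOCOLS:
                failures.append((entity.get("entityID"), role.tag.split("}")[1]))
    return failures

if __name__ == "__main__":
    for entity_id, role in roles_missing_saml1(SAMPLE):
        print(f"{entity_id}: {role} lacks a SAML 1.x protocol URI")
```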

