Description
The metadata specification offers no way to distinguish the profile used by an endpoint. A boolean flag extension is not sufficient to signal use of this profile: SAML implementations that do not implement the profile would ignore such an optional attribute and could send users to an inappropriate endpoint, potentially impacting interoperability and user experience. Rather than define new endpoint elements, this schema uses the Binding attribute for disambiguation. If an endpoint has the Binding attribute urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser:holder-of-key, it MUST also include a separate extension hok:Protocol attribute as defined in this schema fragment.
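The rule above, written as a metadata check and an endpoint selector. This is an added example, not part of the schema or of any SAML implementation. It assumes a placeholder namespace URI for the hok prefix (the page does not give one), assumes hok:Protocol carries the underlying protocol binding URI, and uses a constructed metadata sample.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HOK_BINDING = "urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser:holder-of-key"
# ASSUMPTION: placeholder namespace for the hok prefix; the page does not give the URI.
HOK_NS = "urn:example:placeholder:hok"
HOK_PROTOCOL = f"{{{HOK_NS}}}Protocol"

# Constructed sample metadata (not from the page). Endpoint 2 breaks the MUST rule.
SAMPLE = f"""
<md:EntityDescriptor xmlns:md="{MD_NS}" xmlns:hok="{HOK_NS}"
    entityID="https://sp.example.org">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" Binding="{HTTP_POST}"
        Location="https://sp.example.org/acs"/>
    <md:AssertionConsumerService index="1" Binding="{HOK_BINDING}"
        hok:Protocol="{HTTP_POST}" Location="https://sp.example.org/hok-acs"/>
    <md:AssertionConsumerService index="2" Binding="{HOK_BINDING}"
        Location="https://sp.example.org/bad-acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def endpoints(xml_text):
    """Yield every element that carries both Binding and Location."""
    for el in ET.fromstring(xml_text).iter():
        if "Binding" in el.attrib and "Location" in el.attrib:
            yield el

def lint(xml_text):
    """Locations of holder-of-key endpoints that lack hok:Protocol."""
    return [el.get("Location") for el in endpoints(xml_text)
            if el.get("Binding") == HOK_BINDING and not el.get(HOK_PROTOCOL)]

def select(xml_text, supported_bindings):
    """Select by Binding only, as any consumer does. An implementation that
    does not know the profile never lists HOK_BINDING, so it skips those
    endpoints instead of misrouting users to them."""
    return [el.get("Location") for el in endpoints(xml_text)
            if el.get("Binding") in supported_bindings]

def select_hok(xml_text, supported_protocols):
    """Profile-aware selection: Binding marks the profile, and hok:Protocol
    (ASSUMPTION: a binding URI) must be one the consumer can speak."""
    return [el.get("Location") for el in endpoints(xml_text)
            if el.get("Binding") == HOK_BINDING
            and el.get(HOK_PROTOCOL) in supported_protocols]
```

Metadata from a federation should be signature-verified before any check like this is run on it.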