Subject: Re: [security-services] Comments: sstc-saml1x-metadata-cd-01
On 6/28/06, Tom Scavo <trscavo@gmail.com> wrote:
> On 6/27/06, Scott Cantor <cantor.2@osu.edu> wrote:
> > >
> > > [line 111] Why is <md:AffiliationDescriptor> precluded?
> >
> > It has zero meaning in SAML 1.1.
>
> I don't see why, but okay.

More importantly, any element having a type derived from md:RoleDescriptorType is precluded. This is an oversight, I think. How about inserting the following text into the spec?

--------------------
Any element having a type derived from type md:RoleDescriptorType MUST include at least one of the URIs urn:oasis:names:tc:SAML:1.0:protocol or urn:oasis:names:tc:SAML:1.1:protocol in its protocolSupportEnumeration XML attribute.
--------------------

This includes not only the predefined role descriptors in [SAMLMeta] but any extended role descriptor as well (such as the role descriptors defined in the SAML Metadata Extension for Query Requesters).

Tom
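
An added example, not part of the original message or of the specification: a Python check of the rule proposed above, run over a metadata document and covering both the predefined role descriptors and extended ones carried as md:RoleDescriptor with an xsi:type. The function name `check_saml1x_roles`, the `ext` namespace and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
SAML1X = {"urn:oasis:names:tc:SAML:1.0:protocol",
          "urn:oasis:names:tc:SAML:1.1:protocol"}
# Elements typed as, or derived from, md:RoleDescriptorType in [SAMLMeta].
# An extended role descriptor appears as md:RoleDescriptor with an xsi:type.
ROLE_ELEMENTS = {f"{{{MD}}}{name}" for name in (
    "RoleDescriptor", "IDPSSODescriptor", "SPSSODescriptor",
    "AuthnAuthorityDescriptor", "AttributeAuthorityDescriptor",
    "PDPDescriptor")}

def check_saml1x_roles(xml_text):
    """Return (entityID, role, problem) for every role descriptor that
    lacks a SAML 1.x URI in protocolSupportEnumeration."""
    findings = []
    # Assumption: xml_text is metadata from a trusted, already verified source.
    root = ET.fromstring(xml_text)
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        for role in entity:
            if role.tag not in ROLE_ELEMENTS:
                continue  # e.g. md:AffiliationDescriptor, md:Organization
            label = role.tag.split("}", 1)[1]
            if XSI_TYPE in role.attrib:
                label += f"[{role.get(XSI_TYPE)}]"
            pse = role.get("protocolSupportEnumeration")
            if pse is None:
                problem = "protocolSupportEnumeration missing"
            elif SAML1X.isdisjoint(pse.split()):
                problem = "no SAML 1.x protocol URI"
            else:
                continue
            findings.append((entity.get("entityID"), label, problem))
    return findings

# Constructed sample, trimmed to the attributes the check reads.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:ext="urn:example:metadata:ext" entityID="https://idp.example.org/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration=
    "urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol"/>
  <md:AttributeAuthorityDescriptor
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  <md:RoleDescriptor xsi:type="ext:ExampleRoleType"
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for finding in check_saml1x_roles(SAMPLE):
        print(*finding, sep=" | ")
```
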