
interfed - Re: [inc-interfed] Apr 2 notes / Apr 9 agenda

Subject: Interfederation


Re: [inc-interfed] Apr 2 notes / Apr 9 agenda


  • From: "Cantor, Scott" <>
  • To: "" <>
  • Subject: Re: [inc-interfed] Apr 2 notes / Apr 9 agenda
  • Date: Wed, 3 Apr 2013 22:08:53 +0000
  • Accept-language: en-US
  • Authentication-results: sfpop-ironport01.merit.edu; dkim=neutral (message not signed) header.i=none

On 4/3/13 6:02 PM, "Tom Scavo" <> wrote:
>I can't agree with that. Permitting that kind of redundancy will lead
>to situations where different scopes are published at various levels.
>In the very least it is semantically unsettling.

Formally, I consider the definition to be "entity level". The role thing
was a legacy option that we had to support.

But federations have to deal with older software, and so they don't have
much choice. But I would be very disappointed with an outcome of "role
only" since that is not the definition of the element today. That is not
really subject to discussion since this is not a standard, but an extension
defined by me for my software.

>Then we would have a larger problem since the metadata for an IdP
>Proxy contains both an <md:IDPSSODescriptor> element and an
><md:SPSSODescriptor> element, and you wouldn't want to put a
><shibmd:Scope> element in the <md:Extensions> element of the
><md:EntityDescriptor> element in that case.

There is no problem there. The extension should apply only to roles that
produce attributes. It has no meaning for others.

-- Scott
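
Added example, not part of the original message and not Shibboleth's own code: a metadata lint that lists `<shibmd:Scope>` values at entity and role level for the IdP proxy case discussed above and flags scopes that differ between levels. It assumes "roles that produce attributes" means `IDPSSODescriptor` and `AttributeAuthorityDescriptor`, and that scopes from both levels apply to such a role; the sample entity is constructed.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SHIBMD = "urn:mace:shibboleth:metadata:1.0"
# Assumption: "roles that produce attributes" means these two SAML roles.
ATTRIBUTE_ROLES = ("IDPSSODescriptor", "AttributeAuthorityDescriptor")

# Constructed sample: an IdP proxy that publishes different scopes at each level.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:shibmd="{SHIBMD}"
    entityID="https://proxy.example.org/idp">
  <md:Extensions><shibmd:Scope regexp="false">example.org</shibmd:Scope></md:Extensions>
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions><shibmd:Scope regexp="false">example.edu</shibmd:Scope></md:Extensions>
  </md:IDPSSODescriptor>
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>"""

def _scopes(parent):
    """Literal Scope values in parent's own md:Extensions child."""
    ext = parent.find(f"{{{MD}}}Extensions")
    if ext is None:
        return set()
    return {(s.text or "").strip() for s in ext.findall(f"{{{SHIBMD}}}Scope")}

def audit_scopes(xml_text):
    """Return (scopes applicable to each attribute role, list of findings)."""
    entity = ET.fromstring(xml_text)
    entity_scopes = _scopes(entity)
    applicable, findings = {}, []
    for role in entity:
        name = role.tag.rpartition("}")[2]
        if not name.endswith("Descriptor"):
            continue
        role_scopes = _scopes(role)
        if name not in ATTRIBUTE_ROLES:
            if role_scopes:
                findings.append(f"{name}: Scope has no meaning on this role")
            continue
        if role_scopes and entity_scopes and role_scopes != entity_scopes:
            findings.append(f"{name}: role-level scopes {sorted(role_scopes)} "
                            f"differ from entity-level {sorted(entity_scopes)}")
        # Assumption: a consumer honours scopes from both levels for this role.
        applicable[name] = role_scopes | entity_scopes
    return applicable, findings

if __name__ == "__main__":
    print(audit_scopes(SAMPLE))
```

The comparison is on literal element text only; the `regexp` attribute is not evaluated.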




