Skip to Content.
Sympa Menu

interfed - Re: [inc-interfed] InCommon requirements for MDUI DisplayName

Subject: Interfederation

List archive

Re: [inc-interfed] InCommon requirements for MDUI DisplayName


Chronological Thread 
  • From: Ian Young <>
  • To:
  • Subject: Re: [inc-interfed] InCommon requirements for MDUI DisplayName
  • Date: Sun, 14 Apr 2013 19:34:15 +0100
  • Authentication-results: sfpop-ironport01.merit.edu; dkim=pass (signature verified [TEST])

On 10 Apr 2013, at 00:33, Tom Scavo
<>
wrote:

> - Every IdP entity descriptor SHOULD include an <mdui:DisplayName>
> element for discovery purposes.
>
> - If an IdP entity descriptor does not include an <mdui:DisplayName>
> element, an <md:OrganizationDisplayName> element MUST be present and
> moreover it MUST be a suitable replacement for <mdui:DisplayName>.
> [ref]

These seem reasonable, except that the last MUST is of course unenforceable
by anything other than a human. On that basis, you might consider saying
"SHOULD be a suitable replacement" instead.

> - An IdP's DisplayName is computed as follows. If the IdP's entity
> descriptor contains an <mdui:DisplayName> element, the IdP DisplayName
> is the value of <mdui:DisplayName>. Otherwise the IdP DisplayName is
> the value of the <md:OrganizationDisplayName> element.

These aren't requirements on the aggregate, but on its users. I don't think
that's really in scope.

If you do want to talk about this, you should probably say something about
language tags.

> For any given
> metadata aggregate, the list of IdP DisplayNames so computed MUST NOT
> contain any duplicates.

It's not quite clear what this means, but I think you're trying to push the
responsibility for avoiding duplicates upstream, and as discussed on the last
call I don't think that's practical. In the long term you need to have a
plan to deal with incoming duplicates, whether within a single upstream
aggregate or across several.

It's not even necessary to impose such a constraint in many cases; the only
place it matters is when discovery is actually being performed, which in the
case of someone like LIGO will likely be on a filtered subset of an aggregate
and not the whole collection.

> - Every SP entity descriptor MUST include an <mdui:DisplayName>
> element for login and consent purposes.

This seems unlikely to be satisfiable with the current penetration of MDUI.
To avoid constraining away a lot of entities you want to be able to deal
with, I think you'd be best to step back from the MUST here. I'd agree with
a SHOULD, but I can't see that the issues that arise if DisplayName is
missing for an SP are severe enough to justify discarding any such entities
entirely.

-- Ian



Attachment: smime.p7s
Description: S/MIME cryptographic signature


Archive powered by MHonArc 2.6.16.

Top of Page