Per-Entity Metadata Working Group

[Tom Scavo <>]

On Wed, Sep 21, 2016 at 12:15 PM, Cantor, Scott 
<>
 wrote:
> On 9/21/16, 12:09 PM, 
> "
>  on behalf of Tom Scavo" 
> <
>  on behalf of 
> >
>  wrote:
>
>>    Can you describe how content-negotiation might play into this?
>
> I just mean the files would be pre-signed in various formats and pushed 
> out, and then the server would look at the Accept header to decide which 
> format to return. Maybe with MIME type options or just by defining custom 
> MIME types or whatever.

Ah, so I *did* misunderstand you. I think you're suggesting we publish
JSON format metadata in addition to XML. I don't disagree with that.
It overlaps with conversations we've had regarding JSON feeds for
discovery.

> I suppose if the formats composite safely maybe it doesn't matter that 
> much, but there's certainly a non-trivial parsing overhead to XML Signature 
> since all that XML is rather bloated.

Yes, many developers and deployers dismiss XML out of hand (whether or
not it's warranted).

> This is OT: I suppose we haven't discussed this, but it isn't essential 
> that the KeyInfo be included here. It's good practice I guess, but when 
> you're signing ton of little files, it seems more gratuitious to me to 
> include a reference to the key everybody already needs to have installed. 
> It's meaningless in a huge file, but in these? I'm thinking not so much.

Okay, I'll add this tidbit to: 
https://issues.shibboleth.net/jira/browse/MDA-76

Thanks,

Tom