I reviewed the section 5 text that talks about the naming issue, so here's my opinion based on that reading.
TL;DR: don't waste time overloading something already there, just define what you need.

While I think there might be some tactical ways to do this on the SP side along the lines of what I said in the Jabber room last Thursday, I think ultimately you have a parallel problem on both ends that probably just needs to be solved consistently. In both cases, you have an entityID you're trying to evaluate in the context of a realm, so I think you just need to define a metadata extension to do that. As we've discussed, yes this looks like Scope, and in many cases it will be the same value, but that doesn't mean it's the same thing. That also doesn't address the SP end.

There are two obvious choices here:

- an explicit extension element
- an entity attribute

I'm completely ambivalent about which you use. Specifying an entity attribute is less work, but the XML is slightly more verbose in the end. An advantage that is unlikely to be all that important, but YMMV, is that defining a SAML Attribute for this allows the concept of the realm to be expressed in other contexts in SAML, and using the EntityAttributes extension means you can (but I doubt you would) actually embed a third-party attestation to the realm information in the form of an actual SAML Assertion inside the metadata.

On the subject of whether you should/need to do this now, I think there are other use cases for getting what amounts to an AAA "realm" mapped in metadata. We should just do it.

-- Scott

_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
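An added worked example, not part of Scott's message or of any ABFAB or Shibboleth specification: a small Python script that looks up the realm for an entityID in SAML metadata under both options Scott lists (an explicit extension element, and a SAML Attribute carried in the standard mdattr:EntityAttributes extension), and that deliberately refuses to fall back to a shibmd:Scope, since Scope is a different thing even when its value coincides. The namespace urn:example:abfab:realm, the element name rlm:Realm and the attribute Name are placeholders assumed for illustration; the metadata document is constructed inline. The md, saml, mdattr and shibmd namespaces are the real ones.

```python
"""Realm lookup for an entityID under two SAML metadata extension styles.

Added example, not project code. The rlm:Realm element, its namespace and the
attribute Name are hypothetical placeholders; the metadata below is constructed.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
    "shibmd": "urn:mace:shibboleth:metadata:1.0",
    "rlm": "urn:example:abfab:realm",  # hypothetical: explicit-element option
}
REALM_ATTRIBUTE_NAME = "urn:example:abfab:realm"  # hypothetical: entity-attribute option

# Constructed sample: one entity per style, plus one that only has a Scope.
SAMPLE_METADATA = f"""<md:EntitiesDescriptor xmlns:md="{NS['md']}"
    xmlns:saml="{NS['saml']}" xmlns:mdattr="{NS['mdattr']}"
    xmlns:shibmd="{NS['shibmd']}" xmlns:rlm="{NS['rlm']}">
  <md:EntityDescriptor entityID="https://idp.example.edu/idp">
    <md:Extensions><rlm:Realm>example.edu</rlm:Realm></md:Extensions>
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions><shibmd:Scope regexp="false">example.edu</shibmd:Scope></md:Extensions>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <md:Extensions>
      <mdattr:EntityAttributes>
        <saml:Attribute Name="{REALM_ATTRIBUTE_NAME}"
            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
          <saml:AttributeValue>example.org</saml:AttributeValue>
        </saml:Attribute>
      </mdattr:EntityAttributes>
    </md:Extensions>
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.example.net/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions><shibmd:Scope regexp="false">example.net</shibmd:Scope></md:Extensions>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def load_metadata(xml_text: str) -> ET.Element:
    """Parse metadata. Stdlib ElementTree does not fetch external entities, but
    real metadata must still be signature-verified before anything here is trusted."""
    return ET.fromstring(xml_text)


def _find_entity(root: ET.Element, entity_id: str):
    """Locate an EntityDescriptor by entityID, whether root or nested in aggregates."""
    if root.tag == f"{{{NS['md']}}}EntityDescriptor" and root.get("entityID") == entity_id:
        return root
    for ed in root.iterfind(".//md:EntityDescriptor", NS):
        if ed.get("entityID") == entity_id:
            return ed
    return None


def _texts(elements) -> set:
    """Non-empty text values, lower-cased (realms compare case-insensitively)."""
    return {e.text.strip().lower() for e in elements if e.text and e.text.strip()}


def realms_for_entity(root: ET.Element, entity_id: str) -> set:
    """Realms declared at entity level, accepting either extension style.
    Role-level Scope elements are deliberately not consulted."""
    ed = _find_entity(root, entity_id)
    ext = ed.find("md:Extensions", NS) if ed is not None else None
    if ext is None:
        return set()
    # Option 1: explicit extension element (hypothetical rlm:Realm).
    realms = _texts(ext.iterfind("rlm:Realm", NS))
    # Option 2: a SAML Attribute inside the EntityAttributes extension. A
    # saml:Assertion carried there (third-party attestation) is skipped here on
    # purpose: it must not be accepted without verifying its own signature.
    for attr in ext.iterfind("mdattr:EntityAttributes/saml:Attribute", NS):
        if attr.get("Name") == REALM_ATTRIBUTE_NAME:
            realms |= _texts(attr.iterfind("saml:AttributeValue", NS))
    return realms


def scopes_for_entity(root: ET.Element, entity_id: str) -> set:
    """Literal (non-regexp) Scope values on the entity's roles, for contrast only."""
    ed = _find_entity(root, entity_id)
    if ed is None:
        return set()
    return _texts(s for s in ed.iterfind(".//shibmd:Scope", NS)
                  if s.get("regexp", "false").lower() != "true")


def entity_in_realm(root: ET.Element, entity_id: str, realm: str) -> bool:
    """The check both the IdP and SP side need: is entity_id declared for realm?
    A matching Scope value is not enough; only a declared realm counts."""
    return realm.strip().lower() in realms_for_entity(root, entity_id)


if __name__ == "__main__":
    md = load_metadata(SAMPLE_METADATA)
    for eid in ("https://idp.example.edu/idp", "https://sp.example.org/shibboleth",
                "https://idp.example.net/idp"):
        print(eid, "realms:", sorted(realms_for_entity(md, eid)),
              "scopes:", sorted(scopes_for_entity(md, eid)))
```

The third entity is the point of the script: its Scope says example.net, but `entity_in_realm` still answers no, because nobody has declared a realm for it. That is what "looks like Scope ... but that doesn't mean it's the same thing" costs in practice, and it is the same lookup whether the consumer is the IdP checking an SP or the SP checking an IdP.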
