On 11/11/2013 06:48 PM, Cantor, Scott wrote:
> I reviewed the section 5 text that talks about the naming issue, so here's
> my opinion based on that reading.
>
> TL;DR, don't waste time overloading something already there, just define
> what you need.
>
>
> While I think there might be some tactical ways to do this on the SP side
> along the lines of what I said in the Jabber room last Thursday, I think
> ultimately you have a parallel problem on both ends that probably just
> needs to be solved consistently.
>
> In both cases, you have an entityID you're trying to evaluate in the
> context of a realm, so I think you just need to define a metadata
> extension to do that.
>
> As we've discussed, yes this looks like Scope, and in many cases it will
> be the same value, but that doesn't mean it's the same thing. That also
> doesn't address the SP end.
>
> There are two obvious choices here:
>
> - an explicit extension element
> - an entity attribute
>
> I'm completely ambivalent about which you use. Specifying an entity
> attribute is less work, but the XML is slightly more verbose in the end.
> An advantage that is unlikely to be all that important but YMMV is that
> defining a SAML Attribute for this allows the concept of the realm to be
> expressed in other contexts in SAML, and using the EntityAttributes
> extension means you can (but I doubt you would) actually embed a third
> party attestation to the realm information in the form of an actual SAML
> Assertion inside the metadata.
>
> On the subject of whether you should/need to do this now, I think there
> are other use cases for getting what amounts to a AAA "realm" mapped in
> metadata.

We should just do it. As an individual I'm all for an entity attribute.
That also gives us the impetus to finalize the entity category draft
(http://macedir.org)

> -- Scott
>
>
> _______________________________________________
> abfab mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/abfab
