On 2014-07-24 18:03, Josh Howlett wrote:
> Hi Leif,
>
>> Fair enough but I believe your cure is much worse than the affliction of
>> having to deal with SAML metadata.
>
> Could you elaborate?

I think you are hoping for a way to establish canonical names for
AAA-SAML entities based on properties of the endpoint that makes the
name unique.

I believe that will be ultimately a fruitless exercise and I believe
the practice of SAML metadata management doesn't introduce enough pain
to warrant introducing a complex naming scheme for endpoints to avoid
it (if that is indeed your proposal).

The normal approach for a SAML binding would be to define a Binding URI
for the new endpoint. The signature on SAML metadata would provide
name2key binding between the entityID and the Binding element. This
approach requires a URI representation of EAP endpoints but I assume
that wouldn't be hard.

What is wrong with that approach and what (if any) problems remain if
we choose to go that way for ABFAB?

Cheers Leif