Regarding the proposal about discovery related information in SAML metadata,
my project has been developing a proposal for a new metadata extension that
addresses things like display names and logos, and it should be making its
way to OASIS at some point soon, not sure about our schedule yet.
We have elected not to go forward with the use of the Organization element
because there are existing practices around that element that conflict with
the requirements of discovery.
(Obviously others can still take proposals to OASIS on this, I'm just noting
our position for the record.)
The other minor comment I had was that the charter proposal (as the original
ULX charter does) equates OpenID and OAuth with SAML as formal standards,
but that's not the case. They're at most de facto, while SAML and IMI are
formal standards. It may seem a minor point, but accuracy matters in these
conversations when one is constantly fighting technical misinformation
already.
-- Scott
_______________________________________________
WG-IdP-Selection mailing list
WG-IdP-S...@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-idp-selection
-----Original Message-----
From: wg-idp-selec...@kantarainitiative.org [mailto:wg-idp-selec...@kantarainitiative.org] On behalf of Scott Cantor
Sent: Monday 15 March 2010 19:47
To: CLEMENT Philippe NAC AAD; wg-idp-s...@kantarainitiative.org
Subject: Re: [WG-IdP-Selection] Kantara IDP Selection Hillsboro meeting March 10th
Yes, but with several caveats. I didn't write the material, not all of it is
agreed to even internally yet, and it definitely isn't ready to submit to
OASIS yet.
https://spaces.internet2.edu/display/~laj...@idp.protectnetwork.org/DSUI
https://spaces.internet2.edu/download/attachments/9731/saml_ds_login_ui_02.odt
This is just work in progress material.
> Is it different from the "SAML Metadata
> Extension for Entity Attributes" ?
Yes, it has no connection. Using that extension results in a lot of bloat
without any compelling benefits, so that isn't the current proposal. One
problem is that some of the data for discovery is not just simple strings,
and most products that deal with SAML attributes (such as would be in that
original extension) can't be bothered to support non-trivial attribute
values.
> As mentioned in the slides, one missing element might be also a way to
> express in the SAML Metadata the list of AuthnContext classes supported by
> an IDP (in the same way as the LoA status). Am I right or is it something
> that already exists in SAML specs ?
No, it hasn't been done, but an attribute could be defined for that and the
EntityAttributes extension used, I suspect, since we're doing that for LOA
anyway.
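The exchange above mentions carrying LoA (and possibly supported AuthnContext classes) in the SAML Metadata EntityAttributes extension. The following is an added example, not code from the thread, from Scott's project or from the Kantara work: it parses a constructed metadata document and reads those entity attributes so an SP doing discovery can filter IdPs. The namespaces and the `assurance-certification` attribute name are the real ones from the OASIS metadata and Identity Assurance Profiles specifications; the `supported-authn-context` attribute name is hypothetical, since the thread notes no such attribute has been defined.

```python
"""Added example: reading SAML metadata EntityAttributes for discovery.

Real identifiers: the md/mdattr/saml namespaces and the OASIS
assurance-certification attribute. Hypothetical: the supported-authn-context
attribute name, used here only to illustrate the idea raised in the thread.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

ASSURANCE_ATTR = "urn:oasis:names:tc:SAML:attribute:assurance-certification"
# Hypothetical attribute name for this example only (not a registered URN).
AUTHN_CONTEXT_ATTR = "http://example.org/attributes/supported-authn-context"

PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
TLS_CLIENT = "urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient"

# Constructed sample metadata with two IdPs; idp-a advertises an LoA and two
# AuthnContext classes, idp-b advertises one AuthnContext class and no LoA.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <md:EntityDescriptor entityID="https://idp-a.example.org/idp">
    <md:Extensions>
      <mdattr:EntityAttributes>
        <saml:Attribute Name="urn:oasis:names:tc:SAML:attribute:assurance-certification"
            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
          <saml:AttributeValue>http://example.org/loa/2</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="http://example.org/attributes/supported-authn-context"
            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
          <saml:AttributeValue>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AttributeValue>
          <saml:AttributeValue>urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient</saml:AttributeValue>
        </saml:Attribute>
      </mdattr:EntityAttributes>
    </md:Extensions>
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp-b.example.org/idp">
    <md:Extensions>
      <mdattr:EntityAttributes>
        <saml:Attribute Name="http://example.org/attributes/supported-authn-context"
            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
          <saml:AttributeValue>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AttributeValue>
        </saml:Attribute>
      </mdattr:EntityAttributes>
    </md:Extensions>
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def entity_attributes(metadata_xml):
    """Return {entityID: {attribute Name: [values]}} for every EntityDescriptor.

    Only EntityAttributes inside md:Extensions directly under the
    EntityDescriptor are read, which is where the extension places them.
    """
    root = ET.fromstring(metadata_xml)
    result = {}
    for ed in root.iter("{%s}EntityDescriptor" % NS["md"]):
        attrs = {}
        path = "md:Extensions/mdattr:EntityAttributes/saml:Attribute"
        for attr in ed.findall(path, NS):
            values = [(v.text or "").strip()
                      for v in attr.findall("saml:AttributeValue", NS)]
            attrs.setdefault(attr.get("Name"), []).extend(values)
        result[ed.get("entityID")] = attrs
    return result


def idps_supporting(metadata_xml, authn_context_class):
    """IdP entityIDs that advertise the given AuthnContext class.

    An IdP that advertises nothing is excluded: for discovery, silence means
    'unknown', not 'supported'.
    """
    return sorted(eid for eid, attrs in entity_attributes(metadata_xml).items()
                  if authn_context_class in attrs.get(AUTHN_CONTEXT_ATTR, []))


def assurance_levels(metadata_xml, entity_id):
    """LoA URIs advertised by one IdP (empty list if none)."""
    return entity_attributes(metadata_xml).get(entity_id, {}).get(ASSURANCE_ATTR, [])


if __name__ == "__main__":
    print(idps_supporting(SAMPLE_METADATA, TLS_CLIENT))
    print(assurance_levels(SAMPLE_METADATA, "https://idp-a.example.org/idp"))
```

Two design points: the code reads only attributes in the EntityDescriptor's own Extensions, so values cannot be smuggled in from unrelated elements, and an IdP that does not advertise a class is treated as not supporting it. In a real deployment the metadata's XML signature must be verified before any entity attribute is trusted for LoA decisions, and a hardened parser (for example defusedxml) should replace the plain ElementTree used here.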