
shibboleth-dev - Re: Metadata Generator

Subject: Shibboleth Developers

  • From: Tom Scavo <>
  • To:
  • Subject: Re: Metadata Generator
  • Date: Wed, 10 Aug 2005 14:32:06 -0400

On 8/10/05, Scott Cantor wrote:
> > Right, I see what you're saying, but the EntitiesDescriptor wouldn't
> > be complete without schemaLocation so that would have to be added
> > after the fact.
>
> No, it doesn't. schemaLocation is not required in XML and is ignorable even
> if it's present.

I admit I don't understand this attribute, but it's in every metadata
file you distribute so how can you get away with not using it here?

> > Also, what about the Name attribute? That also needs
> > to be added after the fact, and the IdP config file needs to be
> > adjusted accordingly. All in all, it seems the EntitiesDescriptor
> > element is more trouble than it's worth.
>
> I agree, in this case, that's why I said not to use it. Maybe you
> misunderstood me?

Suppose I'm an IdP trying to use this tool. Since the Name attribute
is only of use to the SP, I agree the tool should not bother to
include it. But the SP will almost certainly be using the Name
attribute to refer to a group of IdPs (if not, it should be) so the
EntitiesDescriptor element produced by the tool is of no use to the
SP. So why produce an EntitiesDescriptor element at all?

There will have to be documentation telling a metadata consumer what
to do with the metadata received from a partner. Are you going to
suggest the RelyingParty element refer to a Name (as opposed to an
entityID)? I think you would want to do that, right?

Actually, you could provide an EntitiesDescriptor stub in the
distribution itself. Appropriate MetadataProvider and RelyingParty
elements that read this stub could even be included in the
distribution. If you'd rather not pollute the config, that's fine,
but an EntitiesDescriptor stub could be provided so that the metadata
consumer could just plug in one or more EntityDescriptor elements.

Unless I'm missing something, I don't think the tool should emit an
EntitiesDescriptor element. I think it should emit (signed)
EntityDescriptor elements only. These would then be plugged into a
stub provided in the distribution.

Tom
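
The stub approach described in the message above, as an added example (not code from the original post or from the Shibboleth distribution): a consumer-side helper that plugs signed EntityDescriptor documents into a named EntitiesDescriptor stub. The stub layout, the Name value, and the names `plug_into_stub` and `sample_entity` are assumptions; the sample documents are constructed, and signatures are checked for presence only, not verified.

```python
import re
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
# Constructed stub (assumption): a named, empty group the consumer fills in.
STUB = f'<EntitiesDescriptor xmlns="{MD}" Name="urn:example:partners">\n</EntitiesDescriptor>'

def sample_entity(entity_id, signed=True):
    """Constructed sample EntityDescriptor; the Signature is an empty placeholder."""
    sig = f'<ds:Signature xmlns:ds="{DS}"/>' if signed else ""
    return ('<?xml version="1.0"?>\n'
            f'<EntityDescriptor xmlns="{MD}" entityID="{entity_id}">{sig}</EntityDescriptor>')

def plug_into_stub(stub, entities):
    """Return the stub with each EntityDescriptor spliced in as text.

    The splice is textual on purpose: re-serializing a parsed tree can
    rewrite namespace prefixes, which a signature over the element would
    not survive. Signatures are checked for presence only, not verified.
    """
    root = ET.fromstring(stub)
    if root.tag != f"{{{MD}}}EntitiesDescriptor" or not root.get("Name"):
        raise ValueError("stub must be a named EntitiesDescriptor")
    seen = {e.get("entityID") for e in root.iter(f"{{{MD}}}EntityDescriptor")}
    parts = []
    for doc in entities:
        body = re.sub(r"^\s*<\?xml[^>]*\?>\s*", "", doc)  # drop the XML declaration
        ent = ET.fromstring(body)
        eid = ent.get("entityID")
        if ent.tag != f"{{{MD}}}EntityDescriptor" or not eid:
            raise ValueError("not an EntityDescriptor with an entityID")
        if ent.find(f"{{{DS}}}Signature") is None:
            raise ValueError(f"{eid}: unsigned EntityDescriptor")
        if eid in seen:
            raise ValueError(f"{eid}: duplicate entityID")
        seen.add(eid)
        parts.append(body.strip())
    head, sep, tail = stub.rpartition("</")
    if not sep:
        raise ValueError("stub has no closing tag to splice before")
    merged = head + "\n".join(parts) + "\n" + sep + tail
    ET.fromstring(merged)  # the result must still be well-formed
    return merged
```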


