shibboleth-dev - RE: Federation Description XML file ?
Subject: Shibboleth Developers
- From: "Scott Cantor"
- Subject: RE: Federation Description XML file ?
- Date: Tue, 15 Nov 2005 10:14:37 -0500
- Organization: The Ohio State University
> Ok. It would also be nice if one could insert some description, why an
> attribute is required (but of course one could use an XML comment for
> that).
Or just use the service description element to name the service in enough
detail to make it clear.
> Well, I haven't explained that point in enough detail. What we actually
> would like is that each Service Provider declares the Identity Providers
> within the same federation whose users have/should have access to this
> Service Provider.
I think it's *really* unlikely that most commercial SPs would be willing to
publish that information, since it represents on some level their customer
list.
> So an SP XY would then declare something like:
> - All users from IdPs of type 'university'
> - But not users from university Z
> - But also users from hospital W
That's authorization policy, and I also don't see people wanting to publish
that either. Not as a rule, certainly.
But to the extent that you wanted a schema for that, SAML metadata isn't it.
Something like XACML would be.
-- Scott