shibboleth-dev - RE: query profile support in Shib 2

Subject: Shibboleth Developers

List archive

RE: query profile support in Shib 2

From: "Scott Cantor" <>
To: <>
Subject: RE: query profile support in Shib 2
Date: Mon, 31 Jul 2006 16:58:35 -0400
Organization: The Ohio State University

> > Yeah, I'm just not convinced of the need for some of your constraints on
> > the relationship between SAML and certificates. Maybe for some
> > deployments, but that's a policy not a profile.
>
> So you'd feel better if some of those requirements were MAY
> rather than MUST?

Well, they lose value as a MAY, they're already MAY. My point isn't to say
"that's a bad policy", it's just saying I'm not sure whether you want a
generic profile for X.509 <-> SAML credential translation making them all
MUSTs. They seem like deployment considerations, the same as any certificate
evaluation rules are today (and of course those are rarely understood).

-- Scott

RE: query profile support in Shib 2, (continued)
- RE: query profile support in Shib 2, Scott Cantor, 07/29/2006
  - Re: query profile support in Shib 2, Tom Scavo, 07/30/2006
    - RE: query profile support in Shib 2, Scott Cantor, 07/30/2006
      - Re: query profile support in Shib 2, Tom Scavo, 07/30/2006
        
        RE: query profile support in Shib 2, Scott Cantor, 07/30/2006
        
        Re: query profile support in Shib 2, Tom Scavo, 07/31/2006
        
        RE: query profile support in Shib 2, Scott Cantor, 07/31/2006
        Re: query profile support in Shib 2, Tom Scavo, 07/31/2006
        RE: query profile support in Shib 2, Scott Cantor, 07/31/2006
        Re: query profile support in Shib 2, Tom Scavo, 07/31/2006
        RE: query profile support in Shib 2, Scott Cantor, 07/31/2006

List archive

RE: query profile support in Shib 2