
shibboleth-dev - RE: Dynamic Federation

Subject: Shibboleth Developers

  • From: "Josh Howlett" <>
  • To: <>, <>
  • Cc: "Josh Howlett" <>
  • Subject: RE: Dynamic Federation
  • Date: Sat, 1 Dec 2007 22:04:40 -0000

> > I thought SAML 2.0 already supported this kind of operation? (e.g.
> > SAMLMeta2 section 4.2.2.2)
>
> DDDS isn't widely supported by software and organizations
> don't provide enough access to their DNS to make it viable
> anyway. I doubt that any commercial SAML products support it.

That's standards for you :-)

> The key (pun intended) is to get to a place where the
> metadata is the *only* runtime determinant.

Out of curiosity, why metadata in particular and not something else? I
appreciate the desirability of eliminating the dependency on PKI (user
confusion, CA fickleness, etc), but PKIX is one trust system of many. Is
this an operational concern (simplest to keep entity configuration and
trust in one place?) or something else?

josh.

JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG



