Multiple Certificate Scenario

Tom Scavo trscavo at gmail.com
Thu Aug 28 09:34:53 EDT 2014


On Thu, Aug 28, 2014 at 8:26 AM, Ian Young <ian at iay.org.uk> wrote:
>
> On 28 Aug 2014, at 12:53, Tom Scavo <trscavo at gmail.com> wrote:
>
>> On Wed, Aug 27, 2014 at 8:49 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
>>>
>>> There aren't any widely deployed/supported ways right now of associating
>>> an entity with something like a federation that is future proof
>>
>> I thought we were going to rely on the <mdrpi:RegistrationInfo>
>> extension element attached to each entity descriptor? The value of the
>> registrationAuthority XML attribute is a persistent identifier for the
>> federation, is it not?
>
> The spec intentionally steers clear of talking about federations and instead talks about registrars. At the moment there's a one-to-one mapping in most cases between federations and registrars, but that isn't necessarily always going to be the case.

Well, I happen to think that registrar is the correct granularity in any case.

> Whether you can use registrationAuthority as a proxy for "a federation" depends on the particular property of "a federation" that you want to distinguish, and what purpose you want to put the information to.

I claim that registrationAuthority is all that matters since the
notion of a "federation" is too abstract (as Scott mentions).

The point is moot, however, since AFAIK the SP does not support the
MDRPI extension elements, right?

Tom
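
Added example, not part of the original message or of any project's code: a sketch of reading the registrationAuthority attribute of the <mdrpi:RegistrationInfo> extension discussed above and grouping or filtering entities by registrar. It assumes the metadata has already been signature-verified and that RegistrationInfo is attached to each entity descriptor; the entity IDs, registrar URIs and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdrpi": "urn:oasis:names:tc:SAML:metadata:rpi",
}

# Constructed sample aggregate; entity IDs and registrar URIs are made up.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi">
  <md:EntityDescriptor entityID="https://idp.example.org/idp">
    <md:Extensions>
      <mdrpi:RegistrationInfo registrationAuthority="https://registrar-a.example/"/>
    </md:Extensions>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.net/sp">
    <md:Extensions>
      <mdrpi:RegistrationInfo registrationAuthority="https://registrar-b.example/"/>
    </md:Extensions>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://unlabelled.example.com/sp"/>
</md:EntitiesDescriptor>"""

def registrar_of(entity):
    """Return the registrationAuthority on the entity's own Extensions, or None."""
    info = entity.find("md:Extensions/mdrpi:RegistrationInfo", NS)
    return info.get("registrationAuthority") if info is not None else None

def group_by_registrar(xml_text):
    """Map registrationAuthority (None if absent) -> list of entityIDs."""
    groups = defaultdict(list)
    root = ET.fromstring(xml_text)
    for entity in root.iter("{%s}EntityDescriptor" % NS["md"]):
        groups[registrar_of(entity)].append(entity.get("entityID"))
    return dict(groups)

def accepted_entities(xml_text, trusted_registrars):
    """entityIDs whose registrar is explicitly trusted; unlabelled ones are rejected."""
    return sorted(eid for reg, ids in group_by_registrar(xml_text).items()
                  if reg in trusted_registrars for eid in ids)

if __name__ == "__main__":
    print(group_by_registrar(SAMPLE))
    print(accepted_entities(SAMPLE, {"https://registrar-a.example/"}))
```

Entities with no RegistrationInfo are grouped under None and never match a trusted registrar, so a missing extension fails closed.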

