entity descriptors from multiple registrars

Cantor, Scott cantor.2 at osu.edu
Wed Sep 17 11:13:47 EDT 2014

On 9/17/14, 10:36 AM, "Tom Scavo" <trscavo at gmail.com> wrote:
>> I think when you dig into this a little, though, the answer is that I
>> don't care who the registrar is, but what some particular policy is.
>If we think that registrars will support multiple policies, then yes, I

By "policy", I meant "specific thing the registrar does that I want to

>> And I think that ought to be expressed directly rather than through
>> based on the registrar
>As you probably know, the MDRPI SAML metadata extension carries the
>registrar's policy URL in addition to the registrar's identifier, but
>if the policy changes, the URL MUST change (according to the spec) so
>I'm not seeing much value in keying off the policy.

I think those policies are the macro, but that application decisions will
be based on the micro. That's another way of saying the same thing, a
broad policy URI that changes when any little detail does won't be useful
for app policy.

>I'm not following you there but clearly there is much to talk about
>(and my need is immediate). Where should this discussion take place?

REFEDS, probably. But fundamentally we need use cases and specifics and
apps that care, otherwise we're inventing problems apps don't care about,
like with assurance (IMHO).

-- Scott

More information about the users mailing list