Metadata Changeover Questions

McKean, Brandon Scott - mckeanbs mckeanbs at jmu.edu
Wed Jul 22 13:53:00 EDT 2015


Thanks for the clarification there. In this case it would be used as a means of avoiding another obstacle for when/if we can move off SAML1.

Since we already intend to have a discussion with service providers regarding required attributes, do you think it'd be appropriate to discuss their SAML2 support as part of that? Or is this something most providers are going to have no clue about? I'd prefer to discuss it with them and move forward since we're doing that anyway, likely also referring to information gathered from implementing the change you suggest, but whilst not relying on it entirely.

Thanks,

Brandon

On Wed, 2015-07-22 at 17:35 +0000, Cantor, Scott wrote:

On 7/22/15, 1:25 PM, "users on behalf of McKean, Brandon Scott - mckeanbs" <users-bounces at shibboleth.net<mailto:users-bounces at shibboleth.net> on behalf of mckeanbs at jmu.edu<mailto:mckeanbs at jmu.edu>> wrote:





All that said, for onboarding new SPs outside of InCommon, can I safely hand them metadata with only SAML2 support outlined, assuming they support it? Or would you consider it advisable to publish the same metadata to all?



If the long term plan is to remove the SAML 1 information, it's probably fine, but since I don't really see most people getting to that point easily, I would say it's simpler to have one consistent set. I don't personally like having to guess what metadata somebody is consuming. If my InCommon metadata differs, it's because I'm deliberately doing something I want to keep out of InCommon for some reason.

-- Scott


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150722/800f3c48/attachment.html>


More information about the users mailing list