Re: [abfab] Direction Forward for aaa-saml

"Cantor, Scott" <cantor.2@osu.edu> Wed, 22 July 2015 16:31 UTC

From: "Cantor, Scott" <cantor.2@osu.edu>
To: Sam Hartman <hartmans@painless-security.com>, Leif Johansson <leifj@mnt.se>
Date: Wed, 22 Jul 2015 16:29:55 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/abfab/3H9KCIXn6Z1-aEpcrRXztMeoiT0>
Cc: "abfab@ietf.org" <abfab@ietf.org>

On 7/22/15, 12:26 PM, "abfab on behalf of Sam Hartman" <abfab-bounces@ietf.org on behalf of hartmans@painless-security.com> wrote:


>
>    Leif> That's why we have the Binding parameter! If you don't
>    Leif> understand the Binding then you can't use the Endpoint.
>
>No, my point is that until the URI is specified, it seems unlikely that
>two implementations would both work with this endpoint.
>I absolutely agree that it wouldn't break other bindings.
>But for example if one implementation wanted radsec://... and one wanted
>radius+tls://... then they wouldn't both be able to consume the same
>metadata.

Leif's point is that if you don't specify any bindings, you won't have any interop issue. But if you don't account for the endpoint element(s) in the schema, you can't add them later.

-- Scott
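
The exchange above, as an added example that is not part of the original message or of any ABFAB implementation: a metadata consumer that skips endpoints whose Binding it does not understand, and two consumers that understand the same binding but expect different Location URI schemes. The binding URI `urn:example:bindings:radius`, the host names, and the reuse of `md:SingleSignOnService` for the AAA endpoint are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
RADIUS_BINDING = "urn:example:bindings:radius"  # placeholder, not a registered URI

# Constructed sample metadata: one web endpoint, one AAA endpoint.
SAMPLE = f"""<md:IDPSSODescriptor xmlns:md="{MD_NS}"
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:SingleSignOnService Binding="{HTTP_REDIRECT}"
      Location="https://idp.example.org/sso"/>
  <md:SingleSignOnService Binding="{RADIUS_BINDING}"
      Location="radsec://aaa.example.org"/>
</md:IDPSSODescriptor>"""

# Each consumer maps the bindings it implements to the URI schemes it accepts.
WEB_ONLY = {HTTP_REDIRECT: {"https"}}
IMPL_A = {HTTP_REDIRECT: {"https"}, RADIUS_BINDING: {"radsec"}}
IMPL_B = {HTTP_REDIRECT: {"https"}, RADIUS_BINDING: {"radius+tls"}}


def usable_endpoints(xml_text, supported):
    """Return (usable, skipped) for one consumer.

    usable  -> list of (binding, location)
    skipped -> list of (binding, location, reason)
    """
    root = ET.fromstring(xml_text)
    usable, skipped = [], []
    for el in root.iter(f"{{{MD_NS}}}SingleSignOnService"):
        binding, location = el.get("Binding"), el.get("Location")
        schemes = supported.get(binding)
        if schemes is None:
            # Unknown Binding: ignore the endpoint, other bindings still work.
            skipped.append((binding, location, "unknown binding"))
        elif urlsplit(location).scheme not in schemes:
            # Known Binding, but the Location URI form was never agreed on.
            skipped.append((binding, location, "unsupported URI scheme"))
        else:
            usable.append((binding, location))
    return usable, skipped


if __name__ == "__main__":
    for name, impl in (("web-only", WEB_ONLY), ("A", IMPL_A), ("B", IMPL_B)):
        print(name, usable_endpoints(SAMPLE, impl))
```
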