Re: [abfab] Direction Forward for aaa-saml

Leif Johansson <leifj@sunet.se> Wed, 22 July 2015 16:32 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/abfab/y58IEIkSifRcVreN-b7GzgDSuKw>

On 2015-07-22 18:29, Cantor, Scott wrote:
> On 7/22/15, 12:26 PM, "abfab on behalf of Sam Hartman" <abfab-bounces@ietf.org on behalf of hartmans@painless-security.com> wrote:
> 
> 
>>
>>    Leif> That's why we have the Binding parameter! If you don't
>>    Leif> understand the Binding then you can't use the Endpoint.
>>
>> No, my point is that until the URI is specified, it seems unlikely that
>> two implementations would both work with this endpoint.
>> I absolutely agree that it wouldn't break other bindings.
>> But for example if one implementation wanted radsec://... and one wanted
>> radius+tls://... then they wouldn't both be able to consume the same
>> metadata.
> 
> Leif's point is that if you don't specify any bindings, you won't have any interop issue. But if you don't account for the endpoint element(s) in the schema, you can't add them later.

just so
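
The two points argued in the thread above, as an added example that is not part of the original message or of any ABFAB implementation: a metadata consumer that skips endpoints whose Binding it does not understand, and two consumers that share a Binding but disagree on the Location URI form. The AAA binding URI is a placeholder, the use of SingleSignOnService for the AAA endpoint is an assumption, and the hosts are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# Placeholder: the thread does not give the URI for the AAA binding.
AAA_BINDING = "urn:example:placeholder:aaa-binding"

# Constructed sample metadata; radsec:// is one of the two hypothetical
# Location schemes mentioned in the thread.
SAMPLE = f"""
<md:IDPSSODescriptor xmlns:md="{MD_NS}"
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:SingleSignOnService Binding="{HTTP_POST}"
      Location="https://idp.example.org/sso"/>
  <md:SingleSignOnService Binding="{AAA_BINDING}"
      Location="radsec://aaa.example.org:2083"/>
</md:IDPSSODescriptor>
"""


def usable_endpoints(xml_text, understood):
    """Classify endpoint Locations for one consumer.

    understood maps each Binding URI the consumer implements to the set of
    Location schemes it accepts. Returns (usable, skipped, unusable).
    """
    usable, skipped, unusable = [], [], []
    root = ET.fromstring(xml_text)
    for ep in root.iter(f"{{{MD_NS}}}SingleSignOnService"):
        binding, location = ep.get("Binding"), ep.get("Location")
        if binding not in understood:
            # Unknown Binding: the Endpoint is ignored, nothing else breaks.
            skipped.append(location)
        elif urlsplit(location).scheme in understood[binding]:
            usable.append(location)
        else:
            # Known Binding, but the URI form was never specified, so this
            # consumer cannot use what the other implementation published.
            unusable.append(location)
    return usable, skipped, unusable


# Three constructed consumers: web-only, and two AAA implementations that
# picked different URI schemes for the same binding.
WEB_ONLY = {HTTP_POST: {"https"}}
IMPL_A = {HTTP_POST: {"https"}, AAA_BINDING: {"radsec"}}
IMPL_B = {HTTP_POST: {"https"}, AAA_BINDING: {"radius+tls"}}
```
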