...

  • SAML Metadata Profile for Algorithm Support
    • Committee Draft clarifying the use of existing elements for expressing support for encryption algorithms; it also adds new elements for expressing support for signing algorithms. In cross-federation situations, not everyone will support exactly the same algorithms. As an example, the US Government mandates SHA-2 hash algorithms for all signing after Dec 31, 2010; while a US RP may require this, other RPs may not yet support it. A given IdP may therefore need to configure signing or encryption algorithms on a per-SP basis. IMI has similar issues. This is currently a Working Draft, but it is an example of some of the metadata that may be required across federations.
  • IdP Discovery and Login UI Metadata Extension Profile
    • Draft spec by InCommon, not submitted to OASIS. SAML metadata [SAML2Meta] provides a mechanism for expressing some of the information necessary for SAML entities to communicate successfully with each other. However, in most SAML profiles there is also a user agent, usually representing an actual person, that participates in the profiled message exchanges. This document defines a set of extensions to metadata that provide the information necessary for user agents to present effective UIs and, in the case of IdP discovery, to help recommend appropriate choices to the user.

Putting this all together, the point is that a consuming TFP could obtain metadata as often as necessary from a number of "input" TFPs and, in a single document, establish the means for ongoing trusted communication across all the relevant protocols with all of the qualifying IdPs, including, for example, filtering out IdPs that fail to meet the necessary assurance standards.
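As an added example (not part of this page or of the referenced specifications), the following Python script shows how a consuming party could act on the metadata described above: it parses a constructed SAML metadata aggregate, reads the alg:DigestMethod and alg:SigningMethod declarations from the Algorithm Support profile, the mdui:DisplayName from the UI extension, and the assurance-certification entity attribute, and keeps only the IdPs that satisfy a local policy. The entityIDs, display names and the assurance URI are placeholders, and the aggregate is trimmed to the elements the example needs, so it would not be schema-valid as real metadata. Only the standard library is used.

```python
"""Select IdPs from a SAML metadata aggregate by declared algorithm support,
assurance certification, and UI display name (added example, stdlib only)."""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "alg": "urn:oasis:names:tc:SAML:metadata:algsupport",
    "mdui": "urn:oasis:names:tc:SAML:metadata:ui",
    "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
ASSURANCE_ATTR = "urn:oasis:names:tc:SAML:attribute:assurance-certification"

# Constructed sample aggregate: entityIDs, display names and the assurance URI
# are placeholders, and required elements such as SingleSignOnService are
# omitted. IdP A declares SHA-2 support at entity level plus an assurance
# certification; IdP B declares only SHA-1 at role level; IdP C declares nothing.
SAMPLE_AGGREGATE = """
<md:EntitiesDescriptor Name="urn:example:aggregate"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
    xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <md:EntityDescriptor entityID="https://idp-a.example.org/idp">
    <md:Extensions>
      <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" MinKeySize="2048"/>
      <mdattr:EntityAttributes>
        <saml:Attribute Name="urn:oasis:names:tc:SAML:attribute:assurance-certification"
            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
          <saml:AttributeValue>https://example.org/assurance/silver</saml:AttributeValue>
        </saml:Attribute>
      </mdattr:EntityAttributes>
    </md:Extensions>
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions><mdui:UIInfo>
        <mdui:DisplayName xml:lang="en">IdP A (constructed)</mdui:DisplayName>
      </mdui:UIInfo></md:Extensions>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp-b.example.org/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions>
        <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <mdui:UIInfo><mdui:DisplayName xml:lang="en">IdP B (constructed)</mdui:DisplayName></mdui:UIInfo>
      </md:Extensions>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp-c.example.org/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def declared(entity, role, tag):
    """Algorithm URIs declared via alg:<tag>. Declarations inside the role
    descriptor take precedence over entity-level ones (the profile's rule)."""
    hits = (role.findall(f"md:Extensions/alg:{tag}", NS)
            or entity.findall(f"md:Extensions/alg:{tag}", NS))
    return {h.get("Algorithm") for h in hits}


def assurance_certifications(entity):
    """Values of the assurance-certification entity attribute, if any."""
    values = set()
    for attr in entity.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
        if attr.get("Name") == ASSURANCE_ATTR:
            values.update((v.text or "").strip()
                          for v in attr.findall("saml:AttributeValue", NS))
    return values


def display_name(role):
    """mdui:DisplayName for the role, or None if the IdP publishes no UIInfo."""
    el = role.find("md:Extensions/mdui:UIInfo/mdui:DisplayName", NS)
    return el.text.strip() if el is not None and el.text else None


def select_idps(aggregate_xml, digest, signing, assurance=None):
    """Return (accepted {entityID: display name}, rejected {entityID: [reasons]})."""
    root = ET.fromstring(aggregate_xml)  # ElementTree does not resolve external entities
    accepted, rejected = {}, {}
    for entity in root.iter(f"{{{NS['md']}}}EntityDescriptor"):
        entity_id = entity.get("entityID")
        role = entity.find("md:IDPSSODescriptor", NS)
        if role is None:
            continue  # not an IdP role; SP-only entities are ignored here
        reasons = []
        digests = declared(entity, role, "DigestMethod")
        signings = declared(entity, role, "SigningMethod")
        # No declaration at all means "unknown", not "unsupported"; a strict
        # consumer treats unknown as not qualifying rather than assuming.
        if not digests and not signings:
            reasons.append("no algorithm declaration")
        else:
            if digest not in digests:
                reasons.append(f"digest {digest} not declared")
            if signing not in signings:
                reasons.append(f"signing {signing} not declared")
        if assurance is not None and assurance not in assurance_certifications(entity):
            reasons.append(f"assurance {assurance} not certified")
        if reasons:
            rejected[entity_id] = reasons
        else:
            accepted[entity_id] = display_name(role) or entity_id
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = select_idps(SAMPLE_AGGREGATE, SHA256, RSA_SHA256,
                          "https://example.org/assurance/silver")
    print("accepted:", ok)
    print("rejected:", bad)
```

The selection is deliberately strict: an IdP that publishes no algorithm declarations is not assumed to support the required algorithms, and the rejection reasons are kept per entity so an operator can see why a given IdP dropped out of the aggregate rather than silently losing it.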