>>>>> "Josh" == Josh Howlett writes:
>> We're also assuming (very pertinent to this discussion) an MTP
>> authority that is in a position to validate metadata.
Josh> I think this is the main difference between MTP and ASM. In
Josh> the MTP model, you may have multiple authorities vouching for
Josh> the same metadata document, or vouching for different metadata
Josh> documents describing the same entity. In the ASM model, there
Josh> is only a single authority vouching for an entity. Right?
Yes.
Josh> I'll also note that SAML metadata can be used as a general
Josh> purpose bucket, owing to XML extension points. I expect we can
Josh> derive the essential metadata statements from the AAA context
Josh> and rigorous profiling, but we definitely lose the bucket.
Agreed.
ASM is not a replacement for MTP.
If you need the bucket, multiple authorities, or the like, you really
need MTP.