MIME Type Registration Request Approval: application/samlmetadata+xml
IETF Secretariat <ietf-secretariat-reply@ietf.org> Mon, 01 November 2004 23:09 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA18086; Mon, 1 Nov 2004 18:09:26 -0500 (EST)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1COlXl-0007sB-Em; Mon, 01 Nov 2004 18:24:57 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1COkru-00021s-BW; Mon, 01 Nov 2004 17:41:42 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1COkhG-0003Uw-2G for ietf-announce@megatron.ietf.org; Mon, 01 Nov 2004 17:30:42 -0500
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA13854 for <ietf-announce@ietf.org>; Mon, 1 Nov 2004 17:30:40 -0500 (EST)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1COkwF-0006mD-Fz for ietf-announce@ietf.org; Mon, 01 Nov 2004 17:46:11 -0500
Received: from apache by megatron.ietf.org with local (Exim 4.32) id 1COkId-0005dz-6z; Mon, 01 Nov 2004 17:05:15 -0500
Content-Type: text/plain
To: IANA <iana@iana.org>
From: IETF Secretariat <ietf-secretariat-reply@ietf.org>
Message-Id: <E1COkId-0005dz-6z@megatron.ietf.org>
Date: Mon, 01 Nov 2004 17:05:15 -0500
X-Spam-Score: 0.0 (/)
X-Scan-Signature: f884eb1d4ec5a230688d7edc526ea665
Cc: ietf-announce@ietf.org
Subject: MIME Type Registration Request Approval: application/samlmetadata+xml
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: ietf-announce.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
Sender: ietf-announce-bounces@ietf.org
Errors-To: ietf-announce-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: a4a24b484706be629f915bfb1a3e4771
The IESG has approved a request to register the "application/samlmetadata+xml" MIME media type in the standards tree. This media type is a product of the Organization for the Advancement of Structured Information Systems (OASIS). The IESG contact persons are Ted Hardie and Scott Hollenbeck. MIME media type name: application MIME subtype name: samlmetadata+xml Required parameters: none Optional parameters: charset Same as charset parameter of application/xml [RFC3023]. Encoding considerations: Same as for application/xml [RFC3023]. Security considerations: Per their specification, samlmetadata+xml typed objects do not contain executable content. However, these objects are XML-based [XML], and thus they have all of the general security considerations presented in section 10 of [RFC3023]. SAML metadata [SAMLv2Meta] contains information whose integrity and authenticity is important - identity provider and service provider public keys and endpoint addresses, for example. To counter potential issues, the publisher may sign samlmetadata+xml typed objects. Any such signature should be verified by the recipient of the data - both as a valid signature, and as being the signature of the publisher. Additionally, various of the publication protocols, e.g. HTTP-over-TLS/SSL, offer means for ensuring the authenticity of the publishing party and for protecting the metadata in transit. [SAMLv2Meta] also defines prescriptive metadata caching directives, as well as guidance on handling HTTPS redirects, trust processing, server authentication, and related items. For a more detailed discussion of SAML v2.0 metadata and its security considerations, please see [SAMLv2Meta]. For a discussion of overall SAML v2.0 security considerations and specific security-related design features, please refer to the SAML v2.0 specifications listed in the below bibliography. The specifications containing security-specific information are explicitly listed. Interoperability considerations: SAML v2.0 metadata explicitly supports identifying the protocols and versions supported by the identified entities. For example, an identity provider entity can be denoted as supporting SAML v2.0, SAML v1.1 [SAMLv1.1], Liberty ID-FF 1.2 [LAPFF], or even other protocols if they are unambiguously identifiable via URI [RFC2396]. This protocol support information is conveyed via the protocolSupportEnumeration attribute of metadata objects of the RoleDescriptorType. Published specification: [SAMLv2Meta] explicitly specifies use of the application/samlmetadata+xml MIME media type. Applications which use this media type: Potentially any application implementing SAML v2.0, as well as those applications implementing specifications based on SAML, e.g. those available from the Liberty Alliance [LAP]. Additional information: Magic number(s): In general, the same as for application/xml [RFC3023]. In particular, the XML root element of the returned object will be one of <md:EntityDescriptor>, <md:AffiliationDescriptor>, or <md:EntitiesDescriptor>. where "md" maps to the SAML v2.0 metadata namespace: urn:oasis:names:tc:SAML:2.0:metadata File extension(s): none Macintosh File Type Code(s): none Person & email address to contact for further information: This registration is made on behalf of the OASIS Security Services Technical Committee (SSTC) Please refer to the SSTC website for current information on committee chairperson(s) and their contact addresses: http://www.oasis-open.org/committees/security/. Committee members should submit comments and potential errata to the securityservices at lists.oasis-open.org list. Others should submit them by filling out the web form located at http://www.oasis-open.org/committees/comments/form.php?wg_abbrev=s Additionally, the SAML developer community email distribution list, saml-dev at lists.oasis-open.org, may be employed to discuss usage of the application/samlmetadata+xml MIME media type. The "saml-dev" mailing list is publicly archived here: http://lists.oasis-open.org/archives/saml-dev/. To post to the "saml-dev" mailing list, one must subscribe to it. To subscribe, send a message with the single word "subscribe" in the message body, to: saml-dev-request at lists.oasis-open.org. Intended usage: COMMON Author/Change controller: The SAML specification sets are a work product of the OASIS Security Services Technical Committee (SSTC). OASIS and the SSTC have change control over the SAML specification sets. Bibliography [LAP] "Liberty Alliance Project". See http://www.projectliberty.org/ [LAPFF] "Liberty Alliance Project: Federation Framework". See http://www.projectliberty.org/resources/ specifications.php#box1 [OASIS] "Organization for the Advancement of Structured Information Systems". See http://www.oasis-open.org/ [RFC2396] T. Berners-Lee, R. Fielding, L. Masinter, Uniform Resource Identifiers (URI): Generic Syntax. IETF RFC 2396, August 1998. Available at http://www.ietf.org/rfc/rfc2396.txt [RFC3023] M. Murata, S. St.Laurent, D. Kohn, "XML Media Types", IETF Request for Comments 3023, January 2001. Available as http://www.rfc-editor.org/rfc/rfc3023.txt [SAMLv1.1] OASIS Security Services Technical Committee, "Security Assertion Markup Language (SAML) Version 1.1 Specification Set". OASIS Standard 200308, August 2003. Available as http://www.oasis-open.org/committees/download.php /3400/oasis-sstc-saml-1.1-pdf-xsd.zip [SAMLv2.0] OASIS Security Services Technical Committee, "Security Assertion Markup Language (SAML) Version 2.0 Specification Set". WORK IN PROGRESS. Available at http://www.oasis-open.org/committees/security/ [SAMLv2Bind] S. Cantor et al., "Bindings for the OASIS Security Assertion Markup Language (SAML) V2.0". OASIS SSTC, August 2004. Document ID sstc-saml-bindings-2.0-cd-01, WORK IN PROGRESS. See http://www.oasis-open.org/committees/security/ [SAMLv2Core] S. Cantor et al., "Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0". OASIS SSTC, August 2004. Document ID sstc-saml-core-2.0-cd-01, WORK IN PROGRESS. See http://www.oasis-open.org/committees/security/ [SAMLv2Meta] S. Cantor et al., Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0. OASIS SSTC, August 2004. Document ID sstc-saml-metadata-2.0-cd-01. See http://www.oasis-open.org/committees/security/ [SAMLv2Prof] S. Cantor et al., "Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0". OASIS SSTC, August 2004. Document ID sstc-saml-profiles-2.0-cd-01, WORK IN PROGRESS. See http://www.oasis-open.org/committees/security/ [SAMLv2Sec] F. Hirsch et al., "Security and Privacy Considerations for the OASIS Security Assertion Markup Language (SAML) V2.0". OASIS SSTC, August 2004, WORK IN PROGRESS. Document ID sstc-saml-sec-consider-2.0-cd-01. See http://www.oasis-open.org/committees/security/ [SSTC] "OASIS Security Services Technical Committee". See http://www.oasis-open.org/committees/security/ [XML] Bray, T., Paoli, J., Sperberg-McQueen, C.M. and E. Maler, "Extensible Markup Language (XML) 1.0 (Second Edition)", World Wide Web Consortium Recommendation REC-xml, October 2000, Available as http://www.w3.org/TR/REC-xml _______________________________________________ IETF-Announce mailing list IETF-Announce@ietf.org https://www1.ietf.org/mailman/listinfo/ietf-announce
- MIME Type Registration Request Approval: applicat… IETF Secretariat