KantaraInitiative / SAMLprofiles

SAML interoperability and deployment profiles

md:ContactPerson - [SDP-MD11] vs [SDP-SP39] #134

Closed vladimir-mencl-eresearch closed 5 years ago

vladimir-mencl-eresearch commented 5 years ago

I have found a minor inconsistency regarding whether md:ContactPerson goes into SPSSODescriptor/IDPSSODescriptor, or directly into EntityDescriptor.

[SDP-MD11] reads:

Metadata MUST include an element with a contactType of technical and an element.

It does not say whether they are inside a RoleDescriptor or at the root EntityDescriptor.

But both [SDP-SP39] and [SDP-IDP33], which aim to provide just a summary, say:

By virtue of this profile’s requirements, an (SPs/IdP)’s metadata MUST contain:

  • an <md:(SP,IDP)SSODescriptor> role element containing
    • an element with a contactType of technical and an element

(I've condensed both SP/IdP cases into the above, hope the substitutions are obvious).

I know the SAML 2.0 Metadata standard allows ContactPerson in either location. I have seen both being used.

And for example, the eduGAIN Metadata Profile asks for md:ContactPerson directly inside the EntityDescriptor; see page 4 at https://technical.edugain.org/doc/eduGAIN_metadata_profile.pdf

I do not know which is the right way to go, but at the very least, this specification should be consistent internally. If the intention of [SDP-MD11] was to have ContactPerson in the RoleDescriptor, it should be explicitly stated. Otherwise, it's not consistent with [SDP-SP39] and [SDP-IDP33].

Cheers, Vlad
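As an added example (not code from the SAMLprofiles project), a small checker that finds technical contacts in both locations the metadata schema permits, so that a validator written against one reading of [SDP-MD11] does not miss contacts placed according to the other; the sample metadata, entityIDs and addresses are constructed.

```python
# Added example, not part of the SAMLprofiles repository: locate md:ContactPerson
# elements with contactType="technical" in SAML 2.0 metadata and report whether
# they sit directly under md:EntityDescriptor or inside a role descriptor.
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}
ROLES = ("SPSSODescriptor", "IDPSSODescriptor")


def technical_contact_locations(metadata_xml: str) -> dict:
    """Count technical contacts at each location: the entity root and each role."""
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("expected md:EntityDescriptor at the root")
    counts = {"entity": 0, **{role: 0 for role in ROLES}}
    # Direct children of EntityDescriptor (the placement the eduGAIN profile asks for).
    for contact in root.findall("md:ContactPerson", NS):
        if contact.get("contactType") == "technical":
            counts["entity"] += 1
    # Contacts nested in a role descriptor (the [SDP-SP39] / [SDP-IDP33] wording).
    for role in ROLES:
        for descriptor in root.findall(f"md:{role}", NS):
            for contact in descriptor.findall("md:ContactPerson", NS):
                if contact.get("contactType") == "technical":
                    counts[role] += 1
    return counts


def has_technical_contact(metadata_xml: str) -> bool:
    """True if a technical contact exists anywhere the schema allows one."""
    return any(technical_contact_locations(metadata_xml).values())


# Constructed sample: technical contact at the entity level, none inside the role.
ENTITY_LEVEL = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  <md:ContactPerson contactType="technical">
    <md:EmailAddress>mailto:sp-admin@example.org</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>"""

# Constructed sample: technical contact inside the IdP role descriptor only.
ROLE_LEVEL = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="https://idp.example.org/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:ContactPerson contactType="technical">
      <md:EmailAddress>mailto:idp-admin@example.org</md:EmailAddress>
    </md:ContactPerson>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
```

Metadata pulled from a federation feed should be signature-verified before it is trusted and parsed with a hardened parser such as defusedxml; the standard-library parser is used here only because the samples are constructed.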

scantor commented 5 years ago

FWIW, I've tended to put mine at the Entity level. I assume InCommon does, etc. We probably should fix the text to say that.

scantor commented 5 years ago

Fixed via text and indentation corrections.

vladimir-mencl-eresearch commented 5 years ago

Thanks for the clarification.