canada-ca / CATS-STAE

Cyber Authentication Technology - Technologie d’authentification électronique
https://canada-ca.github.io/CATS-STAE/

Affiliation group of GCCF SPs - AffiliationOwnerId Validation #30

Closed lsleduc closed 3 years ago

lsleduc commented 3 years ago

Hi,

are there any validation rules for the AffiliationOwnerId element contained in the group of service providers affiliation metadata?

Does the AffiliationOwnerID need to be unique? Should it be set to match the entityid of one of the members of the affiliation?

In a scenario where members of the affiliation are to share PAIs already assigned to a particular SP, should the AffiliationOwnerId be set to the entityid of the affiliation member that previously owned the PAI?

Or should it be set to match the affiliation entityid?

Thanks

harrdou commented 3 years ago

I found a related question on the saml-dev mailing list from 12 years back...

https://lists.oasis-open.org/archives/saml-dev/200705/msg00019.html

Does the AffiliationOwnerID need to be unique? Should it be set to match the entityid of one of the members of the affiliation?

As per the spec:

affiliationOwnerID [Required] Specifies the unique identifier of the entity responsible for the affiliation. The owner is NOT presumed to be a member of the affiliation; if it is a member, its identifier MUST also appear in an <AffiliateMember> element.

So it must be the identifier of a defined entity (which is unique), but the spec does not insist that it be a member of the affiliation, although it can be.

Do we want to further restrict this in CATS for our own operational reasons? It doesn't appear to have any impact on behaviour; as Scott says, it is just informational.

Are there any technical constraints with our current IDPs that we should be aware of? Do they have any suggestions?

Does SSC, as the GCCF operator have any preference?

-Doug
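As an added example (not code from the CATS-STAE project or from either commenter), the following Python check applies the affiliationOwnerID rules quoted above to a SAML metadata document: the attribute must be present, and it must name a defined entity, which need not be one of the members. The metadata and entity IDs below are constructed for illustration.

```python
# Added example: validate AffiliationDescriptor owner/member rules from the SAML
# metadata spec against an EntitiesDescriptor. Sample data is constructed.
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed sample: two SPs and one affiliation owned by the first SP.
# The owner is also a member, so it appears in an AffiliateMember element.
SAMPLE_METADATA = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:EntityDescriptor entityID="https://sp1.example.org/sp"/>
  <md:EntityDescriptor entityID="https://sp2.example.org/sp"/>
  <md:EntityDescriptor entityID="https://affiliation.example.org/group">
    <md:AffiliationDescriptor affiliationOwnerID="https://sp1.example.org/sp">
      <md:AffiliateMember>https://sp1.example.org/sp</md:AffiliateMember>
      <md:AffiliateMember>https://sp2.example.org/sp</md:AffiliateMember>
    </md:AffiliationDescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def validate_affiliations(metadata_xml):
    """Return a list of problem strings; an empty list means all affiliations pass."""
    root = ET.fromstring(metadata_xml)
    # Every entityID declared anywhere in the document counts as a defined entity.
    known = {e.get("entityID") for e in root.iter(f"{{{MD}}}EntityDescriptor")}
    problems = []
    for ed in root.iter(f"{{{MD}}}EntityDescriptor"):
        aff = ed.find("md:AffiliationDescriptor", NS)
        if aff is None:
            continue
        eid = ed.get("entityID")
        owner = aff.get("affiliationOwnerID")
        members = [m.text.strip() for m in aff.findall("md:AffiliateMember", NS) if m.text]
        if not owner:
            problems.append(f"{eid}: affiliationOwnerID is required")
        elif owner not in known:
            # The owner need not be a member, but it must be a defined entity.
            problems.append(f"{eid}: owner {owner} is not a defined entity")
        if not members:
            problems.append(f"{eid}: at least one AffiliateMember is required")
    return problems


if __name__ == "__main__":
    print(validate_affiliations(SAMPLE_METADATA) or "affiliation metadata OK")
```

The check deliberately does not require the owner to be a member or to equal the affiliation's own entityID, since the spec leaves both choices open.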

lsleduc commented 3 years ago

I'm not aware of any issues or constraints, I just wanted to make sure I didn't miss anything. Will follow the specs.

Thanks