Documenting the full functionality in the MSHT file

Asked by Stefan Paetow on 2015-03-11

I'm trying to establish the full amount of options available in the Moonshot MSHT file. At the moment we have the standard file:

<?xml version="1.0" encoding="UTF-8"?>
<identities>
  <identity>
    <display-name>[i.e. John Smith from Camford University]</display-name>
    <user>[i.e. johnsmith]</user>
    <password>[i.e. correct-horse-battery-staple]</password>
    <realm>[i.e. camford.ac.uk]</realm>
    <selection-rules>
    </selection-rules>
    <trust-anchor>
      <server-cert>[sha256 fingerprint OR the base64 encoded representation of a root certificate in DER form used in the IdP's trust anchor]</server-cert>
    </trust-anchor>
  </identity>
</identities>

What other options should there be? I've spelunked through the code and found these:

<service>
<ca-cert>
<subject>
<subject-alt>

Am I correct in assuming that the first one is on the same level as <realm>, or does it fall under <rule>? And do the other three fall under <trust-anchor>?

We're documenting it here: https://wiki.moonshot.ja.net/display/TR/moonshot-webp+XML+Format
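As an added example (not part of the original question and not Moonshot project code), the following Python sketch audits a file in the layout shown above and reports which form each identity's `<server-cert>` takes. The function names are hypothetical, the sample file is constructed, and accepting `:` separators in a fingerprint is an assumption.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET

# Constructed sample in the layout shown in the question; all values are made up.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<identities>
  <identity>
    <user>johnsmith</user>
    <password>correct-horse-battery-staple</password>
    <realm>camford.ac.uk</realm>
    <trust-anchor>
      <server-cert>%s</server-cert>
    </trust-anchor>
  </identity>
  <identity>
    <user>alice</user>
    <realm>example.org</realm>
  </identity>
</identities>""" % ("AB" * 32)

HEX_SHA256 = re.compile(r"^[0-9A-Fa-f]{64}$")

def classify_server_cert(value):
    """Return 'sha256-fingerprint', 'der-certificate', 'missing' or 'invalid'."""
    text = "".join((value or "").split())  # drop line breaks and padding spaces
    if not text:
        return "missing"
    # Assumption: a fingerprint may be written with ':' between byte pairs.
    if HEX_SHA256.match(text.replace(":", "")):
        return "sha256-fingerprint"
    try:
        der = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return "invalid"
    # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    return "der-certificate" if der[:1] == b"\x30" else "invalid"

def audit(xml_text):
    """Map each identity (user@realm) to the kind of trust anchor it carries."""
    report = {}
    # ElementTree is not hardened against malicious XML; use a hardened parser
    # for provisioning files that come from untrusted sources.
    for ident in ET.fromstring(xml_text.encode("utf-8")).iter("identity"):
        name = "%s@%s" % (ident.findtext("user", ""), ident.findtext("realm", ""))
        report[name] = classify_server_cert(ident.findtext("trust-anchor/server-cert"))
    return report
```

An identity reported as `missing` or `invalid` carries no usable `<server-cert>` value, which is worth catching before the file is distributed to users.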

Question information

Language: English
Status: Solved
For: Project Moonshot
Assignee: No assignee
Solved by: Sam Hartman
Solved: 2015-03-16
Last query: 2015-03-16
Last reply: 2015-03-16

Best Sam Hartman (hartmans) said : #1

See http://www.project-moonshot.org/devwiki/design/identity-provisioning/ for a discussion of the design behind identity provisioning and http://www.project-moonshot.org/devwiki/design/#index6h2 for a discussion of the resulting format.

Stefan Paetow (stefan-paetow) said : #2

Thank you very much. I've updated the documentation!

Stefan Paetow (stefan-paetow) said : #3

Thanks Sam Hartman, that solved my question.