Documenting the full functionality in the MSHT file

Asked by Stefan Paetow

I'm trying to establish the full amount of options available in the Moonshot MSHT file. At the moment we have the standard file:

<?xml version="1.0" encoding="UTF-8"?>
<identities>
  <identity>
    <display-name>[i.e. John Smith from Camford University]</display-name>
    <user>[i.e. johnsmith]</user>
    <password>[i.e. correct-horse-battery-staple]</password>
    <realm>[i.e. camford.ac.uk]</realm>
    <selection-rules>
    </selection-rules>
    <trust-anchor>
      <server-cert>[sha256 fingerprint OR the base64 encoded representation of a root certificate in DER form used in the IdP's trust anchor]</server-cert>
    </trust-anchor>
  </identity>
</identities>

What other options should there be? I've spelunked through the code and found these:

<service>
<ca-cert>
<subject>
<subject-alt>

Am I correct in assuming that the first one is on the same level as <realm>, or does it fall under <rule>? And do the other three fall under <trust-anchor>?

We're documenting it here: https://wiki.moonshot.ja.net/display/TR/moonshot-webp+XML+Format

Question information

Language: English
Status: Solved
For: Project Moonshot
Assignee: No assignee
Solved by: Sam Hartman

Best Sam Hartman (hartmans) said :
#1

See http://www.project-moonshot.org/devwiki/design/identity-provisioning/ for a discussion of the design behind identity provisioning and http://www.project-moonshot.org/devwiki/design/#index6h2 for a discussion of the resulting format.

Stefan Paetow (stefan-paetow) said :
#2

Thank you very much. I've updated the documentation!

Stefan Paetow (stefan-paetow) said :
#3

Thanks Sam Hartman, that solved my question.
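
An added example, not part of the thread and not Moonshot project code: a check over the standard file layout quoted in the question that reports, per `<identity>`, whether a `<trust-anchor>`/`<server-cert>` is present, which of the two documented forms it takes, and whether a `<password>` is stored in the file. The function names, the constructed sample and the fingerprint notation (64 hex digits, optionally colon-separated) are assumptions.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET

# Constructed sample: same layout as the standard file in the question, made-up values.
SAMPLE_MSHT = """<?xml version="1.0" encoding="UTF-8"?>
<identities>
  <identity>
    <display-name>Pinned by fingerprint</display-name>
    <user>johnsmith</user>
    <realm>camford.ac.uk</realm>
    <trust-anchor>
      <server-cert>{fp}</server-cert>
    </trust-anchor>
  </identity>
  <identity>
    <display-name>No trust anchor</display-name>
    <password>correct-horse-battery-staple</password>
    <realm>camford.ac.uk</realm>
  </identity>
</identities>
""".format(fp="AB" * 32)

# Assumption: a SHA-256 fingerprint is 32 hex bytes, optionally colon-separated.
FINGERPRINT = re.compile(r"^[0-9A-Fa-f]{2}(:?[0-9A-Fa-f]{2}){31}$")

def classify_server_cert(value):
    """Return 'sha256-fingerprint', 'der-base64' or 'invalid' for a <server-cert> value."""
    text = "".join((value or "").split())  # drop whitespace and line wraps
    if FINGERPRINT.match(text):
        return "sha256-fingerprint"
    try:
        der = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return "invalid"
    return "der-base64" if der[:1] == b"\x30" else "invalid"  # DER starts with SEQUENCE (0x30)

def audit_msht(xml_text):
    """Return (display-name, finding) pairs for every <identity> in the file."""
    findings = []
    for identity in ET.fromstring(xml_text.encode("utf-8")).iter("identity"):
        name = identity.findtext("display-name", default="?").strip()
        cert = identity.find("trust-anchor/server-cert")
        finding = "no-trust-anchor" if cert is None else classify_server_cert(cert.text)
        findings.append((name, finding))
        if identity.findtext("password"):
            findings.append((name, "password-in-file"))  # credential stored in the file
    return findings
```
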