Integration of Dynamic Automated Metadata Exchange into the SAML 2.0 Web Browser SSO Profile

Document Type Expired Internet-Draft (individual)
Authors Daniela Pöhn  , Stefan Metzger  , Wolfgang Hommel  , Michael Grabatin 
Last updated 2016-12-30 (latest revision 2016-06-28)
Stream ISE
Intended RFC status Informational
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream ISE state Submission Received
Consensus Boilerplate Unknown
Document shepherd No shepherd assigned
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document specifies the integration of Dynamic Automated Metadata Exchange (DAME) through an intermediate trusted third party into the Security Assertion Markup Language (SAML) 2.0 Web Browser SSO Profile. The user-triggered, on-demand, and fully automated metadata exchange between identity provider (IDP) and service provider (SP) is intended for scenarios in which the a-priori, e.g., federation-based exchange of SAML metadata is neither practical, scalable nor mandatory for non-technical aspects, such as contract-based trust building between IDP and SP. The main benefit of DAME is the removal of waiting times for users and manual setup tasks for IDP and SP administrators before users can access the service. Implementations of DAME can leverage existing metadata repositories, such as REEP, and metadata transfer protocols, such as MD Query.


Daniela Pöhn (
Stefan Metzger (
Wolfgang Hommel (
Michael Grabatin (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)