Subject: Representing requestor's identity
At 02:10 PM 4/28/2003 +0100, Nick Pope wrote:

> Trevor, Anthony,
>
> It seems to me that the syntax should be flexible in including a range of
> alternative name forms including:
> - Simple name string
> - RFC 3280/X.509 general name (possibly encoded as an LDAP string)
> - SAML Assertion
> - WSS UsernameToken
> - Other name forms to be identified at a later date
>
> Then for specific usage profiles the particular name form to be used can be
> defined.

Nick,

I'd follow RFC 3280 and call "name forms" things like:
- email address
- dns name
- ip address
- distinguished name
- edi party name
- etc.

I'd call the things you mention "name syntaxes" instead of name forms, the distinction being that a name syntax can transport different name forms.

I'd further distinguish SAML Authentication Assertions from "name syntaxes" - an Assertion contains a "name syntax" in <NameIdentifier>, but also contains stuff about how the name was authenticated.

My new opinion is that for CMS we should choose a single ASN.1 name syntax (probably GeneralName), and for XML-DSIG we should choose a single XML name syntax (either define our own, or borrow SAML <NameIdentifier>). I think extensibility to different name forms is important, but to different name syntaxes would cause needless incompatibilities (e.g. if Alice encodes an email address in one syntax, and Bob can only understand it in a different one).

Then for both XML-DSIG and CMS, we should allow the use of a SAML Assertion in place of the name syntax when information about the authentication is to be represented.

This leaves open what XML name syntax we use - make our own or borrow SAML's? But otherwise, using name syntaxes instead of Assertions avoids the verbosity and need to parse SAML Assertions when they're not necessary.

Trevor
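As an added example (not code from this thread or from any of its authors), here is the distinction Trevor draws in working form: one ASN.1 name syntax, RFC 3280 GeneralName, transporting several name forms, so that a verifier dispatches on the form without having to understand a second syntax. It is a hand-written DER encoder and decoder for four of the GeneralName alternatives; the tag numbers are the ones assigned in RFC 3280 section 4.2.1.7, and the `form` labels ("email", "dns", "uri", "ip") are names chosen here for illustration.

```python
import ipaddress

# Context-specific IMPLICIT tag numbers from the GeneralName CHOICE (RFC 3280 4.2.1.7).
# Only the primitive alternatives are handled; directoryName [4] and friends are
# constructed and are rejected below rather than silently misparsed.
TAG_RFC822_NAME = 1  # IA5String
TAG_DNS_NAME = 2     # IA5String
TAG_URI = 6          # IA5String
TAG_IP_ADDRESS = 7   # OCTET STRING (4 or 16 bytes)

FORM_TO_TAG = {"email": TAG_RFC822_NAME, "dns": TAG_DNS_NAME,
               "uri": TAG_URI, "ip": TAG_IP_ADDRESS}
TAG_TO_FORM = {tag: form for form, tag in FORM_TO_TAG.items()}


def _der_length(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def encode_general_name(form, value):
    """Encode one name form as a DER GeneralName: [tag] IMPLICIT primitive."""
    tag = FORM_TO_TAG[form]
    if form == "ip":
        content = ipaddress.ip_address(value).packed
    else:
        content = value.encode("ascii")  # IA5String carries 7-bit ASCII only
    return bytes([0x80 | tag]) + _der_length(len(content)) + content


def decode_general_name(der):
    """Parse a DER GeneralName and return (form, value); unknown alternatives raise."""
    tag_byte = der[0]
    if tag_byte & 0xC0 != 0x80 or tag_byte & 0x20:
        raise ValueError("not a primitive context-specific tag")
    tag = tag_byte & 0x1F
    if tag not in TAG_TO_FORM:
        raise ValueError("unsupported GeneralName alternative [%d]" % tag)
    first = der[1]
    if first < 0x80:
        length, offset = first, 2
    else:
        n = first & 0x7F
        length, offset = int.from_bytes(der[2:2 + n], "big"), 2 + n
    content = der[offset:offset + length]
    if len(content) != length:
        raise ValueError("truncated GeneralName")
    form = TAG_TO_FORM[tag]
    if form == "ip":
        return form, str(ipaddress.ip_address(content))
    return form, content.decode("ascii")
```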