[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: "3 kinds of assertions" or "3 kinds of statements"
hi, i am new to SAML. apologies if i am being overly-pedantic, but please can anybody clear something up for me? in a lot of non-OASIS literature that i have come across, many authors often explain SAML by saying things like, "...there are [3 kinds of SAML assertions]: authentication assertions, authorization assertions & attribute assertions...". but isn't it more accurate to say that there is only one kind of assertion, but three kinds of statements: authentication statements, authorization statements, attribute statements...and an assertion can contain one or more of these statements..."? of course, now that i have some hands-on exposure to and experience with using SAML on an actual project, i understand what is meant by "...3 kinds of SAML assertions...". but, i was curious about what is the consensus on this type of hair-splitting. thanks in advance for your comments. just for reference, here is a snip from sstc-saml-tech-overview-1.1-draft-05 Technical Overview of the OASIS Security Assertion Markup Language (SAML) V1.1 Draft 05, 4 May 2004 "3.1 SAML Concepts SAML has the following key concepts: • Assertions: An assertion is a package of information that supplies one or more statements made by a SAML authority. SAML defines three kinds of statements that can be carried within an assertion...Authentication statements...Attribute statements...Authorization decision statements..."
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]