
saml-dev message



Subject: RE: [saml-dev] Issuer and webSSO profile.


Hi, I'm confused too,
But I guess the confusion comes from the following:

The spec says:
2.2.5 Element <Issuer>
The <Issuer> element, with complex type NameIDType, provides information
about the issuer of a
SAML assertion or protocol message. The element requires the use of a
string to carry the issuer's name,

BUT PERMITS VARIOUS PIECES OF DESCRIPTIVE DATA (see Section 2.2.2).

The last line seems to imply that the issuer would actually use the
qualifiers etc.

But from what we discussed here it looks like the issuer will never use
the attributes in the NameIDType, and it is basically just a string. Is
this correct?

Giuseppe.

-----Original Message-----
From: Scott Cantor [mailto:cantor.2@osu.edu] 
Sent: 22 September 2006 15:44
To: Sarno, Giuseppe (MOP:GM15); saml-dev@lists.oasis-open.org
Subject: RE: [saml-dev] Issuer and webSSO profile.

> I see your point I guess since the Profile imposes that the Format for
> the issuer is Entity (as such it might not be present) then it means
> that NameQualifier/SPNameQualifier have no meaning in this context. Is
> that correct?

I guess I'm lost. If you're asking about *Issuer*, then there's not even
a question, those attributes MUST NOT appear. They are completely unused
for an entityID.

> >That is not a MUST unless the NameID in question has one set.
> 
> Well as said above in the case of WebSSO profile since the issuer is 
> mand it MUST contain the SPProvidedID.
>
> Is that a logical conclusion?

I can't parse your sentence, but no, it's not. I don't think you
understand SPProvidedID. That's for SP-supplied aliases against a
NameIdentifier of a user. It has nothing really to do with WebSSO per
se, it's just a feature of the NameIDMgmt protocol that affects how
users are represented in assertions.

-- Scott
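
The rule discussed in this thread, as an added example that is not part of the original messages: a receiver-side check that an Issuer is a plain entityID, with Format either omitted or set to the entity URI and none of the qualifier attributes present. The function names and sample messages are constructed for illustration; the SPProvidedID and 1024-character checks come from the SAML 2.0 core definition of the entity format rather than from the thread.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ENTITY_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
# NameIDType attributes that are unused for an entityID and must be omitted.
FORBIDDEN = ("NameQualifier", "SPNameQualifier", "SPProvidedID")


def check_issuer(issuer):
    """Return a list of problems for one <saml:Issuer> element (empty = OK)."""
    problems = []
    fmt = issuer.get("Format")
    # Format may be omitted; if it is present it has to be the entity URI.
    if fmt is not None and fmt != ENTITY_FORMAT:
        problems.append("Format is not entity: " + fmt)
    for attr in FORBIDDEN:
        if attr in issuer.attrib:
            problems.append(attr + " must be omitted on an entity Issuer")
    value = (issuer.text or "").strip()
    if not value:
        problems.append("empty Issuer value")
    elif len(value) > 1024:
        problems.append("Issuer value longer than 1024 characters")
    return problems


def check_message(xml_text):
    """Check every Issuer in a message; returns [(issuer_text, problems), ...]."""
    # Untrusted input should go through a hardened XML parser in real code.
    root = ET.fromstring(xml_text)
    return [((el.text or "").strip(), check_issuer(el))
            for el in root.iter("{%s}Issuer" % SAML_NS)]


# Constructed sample messages (not taken from the thread).
GOOD = ('<saml:Assertion xmlns:saml="%s">'
        '<saml:Issuer>https://idp.example.org/saml</saml:Issuer>'
        '</saml:Assertion>' % SAML_NS)
BAD = ('<saml:Assertion xmlns:saml="%s">'
       '<saml:Issuer NameQualifier="example.org" '
       'SPNameQualifier="https://sp.example.com" '
       'Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">'
       'https://idp.example.org/saml</saml:Issuer>'
       '</saml:Assertion>' % SAML_NS)

if __name__ == "__main__":
    for name, msg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_message(msg))
```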


