OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [saml-dev] question on AttributeQuery processing


On Wed, 2007-04-18 at 11:45 -0400, Scott Cantor wrote:
> > I was wondering what drove the rule in section 3.3.2.3 that requires
> > that an AttributeQuery containing an Attribute element containing an
> > AttributeValue must not be answered with a statement containing the
> > Attribute element with different AttributeValue element.
> 
> The entire point of allowing values in queries was to filter what comes
> back.
That's ok. But 'give me A and only A' or 'give me A and I don't care what else
allowed by IdP policies' are both filters. My question was what about why
the first one was choosen. An AttributeQuery containing an Attribute X
containing an AttributeValue Y doesn't asks 'does the subject posses
attributes X with value Y', with the imposition in section 2.3.2.3 it
asks 'does the subject posses attributes X with the Y value and only the
Y value'.

Valerio

smime.p7s



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]