[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] question on AttributeQuery processing
On Wed, 2007-04-18 at 11:45 -0400, Scott Cantor wrote: > > I was wondering what drove the rule in section 3.3.2.3 that requires > > that an AttributeQuery containing an Attribute element containing an > > AttributeValue must not be answered with a statement containing the > > Attribute element with different AttributeValue element. > > The entire point of allowing values in queries was to filter what comes > back. That's ok. But 'give me A and only A' or 'give me A and I don't care what else allowed by IdP policies' are both filters. My question was what about why the first one was choosen. An AttributeQuery containing an Attribute X containing an AttributeValue Y doesn't asks 'does the subject posses attributes X with value Y', with the imposition in section 2.3.2.3 it asks 'does the subject posses attributes X with the Y value and only the Y value'. Valerio
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]