[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] SAML 1.1 Multiple Attribute Statement
On Tue, Mar 3, 2009 at 8:31 AM, Naveen <webnaveen@gmail.com> wrote: > > When should I use multiple AttributeStatement in SAML 1.1? Barring limitations with the implementation, this is rarely done. > One of our customer requirements is to send each Attribute in an > individual AttributeStatement and with the same Subject. Why? > I believe if > the Subject is different then it need to be in its own > AttributeStatement. Multiple Subjects in a single SAML V1.1 assertions should be identical. This is the gist of the Subject-based Profiles for SAML V1.1 Assertions: http://wiki.oasis-open.org/security/SamlSubjectProfiles The reason is that there is only one Subject in a SAML V2.0 assertion, which indicates the way it was meant to be in SAML V1.1. > In what scenario I should use multiple AttributeStatement? Avoid multiple <AttributeStatement> elements if possible, for the sake of interoperability. Tom
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]