OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [saml-dev] SAML 1.1 Multiple Attribute Statement


On Tue, Mar 3, 2009 at 8:31 AM, Naveen <webnaveen@gmail.com> wrote:
>
> When should I use multiple AttributeStatement in SAML 1.1?

Barring limitations with the implementation, this is rarely done.

> One of our customer requirements is to send each Attribute in an
> individual AttributeStatement and with the same Subject.

Why?

> I believe if
> the Subject is different then it need to be in its own
> AttributeStatement.

Multiple Subjects in a single SAML V1.1 assertions should be
identical.  This is the gist of the Subject-based Profiles for SAML
V1.1 Assertions:

http://wiki.oasis-open.org/security/SamlSubjectProfiles

The reason is that there is only one Subject in a SAML V2.0 assertion,
which indicates the way it was meant to be in SAML V1.1.

> In what scenario I should use multiple AttributeStatement?

Avoid multiple <AttributeStatement> elements if possible, for the sake
of interoperability.

Tom


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]