Subject: Attribute equality during AttributeQuery
Hi,

SAML core spec (errata version) 3.3.2.3 says:

"A single query MUST NOT contain two <saml:Attribute> elements with the same Name and NameFormat values (that is, a given attribute MUST be named only once in a query)"

SAML profile spec (errata version) 8.1.2.1, 8.2.2.1, 8.3.3.1, 8.4.3.1, 8.5.2.1 are all saying:

"Two <Attribute> elements refer to the same SAML attribute if and only if the values of their Name XML attributes are equal in the sense of Section 3.3.6 of [Schema2]."

I feel that the NameFormat equality here is implicit, as I assume you can only use the comparison rules once it is established that these attributes are using the same attribute NameFormat. Is that correct?

The question is really: if I have locally my Attribute Authority configured to deal with Attribute queries against given NameFormat and Attribute name, then what should happen if I receive an AttributeQuery requesting the correct name, but without the NameFormat defined?

As far as I can look at SAML core 2.7.3.1:

"If no NameFormat value is provided, the identifier urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified (see Section 8.2.1) is in effect."

So I suppose if the configuration explicitly referred to the unspecified attrname-format then the two attributes should be considered equal, otherwise it should be handled as an "unrecognized" attribute, right?

Thanks for your help, Peter
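
The interpretation proposed in the message above, sketched as an added example that is not part of the original post or of any SAML implementation: attributes are keyed by (Name, effective NameFormat), an absent NameFormat defaults to unspecified, and a key missing from the authority's configuration is treated as unrecognized. The function names, the plain string comparison of Name and the minimal constructed query are assumptions.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"


def attribute_key(el):
    # Core 2.7.3.1: an absent NameFormat means "unspecified" is in effect.
    return (el.get("Name"), el.get("NameFormat", UNSPECIFIED))


def classify_query(xml_text, configured):
    """Split requested attributes into (recognized, unrecognized) keys.

    Raises ValueError when two attributes share Name and effective NameFormat
    (core 3.3.2.3). Names are compared as plain strings (assumption).
    """
    # Assumption: xml_text has already passed signature and schema validation
    # with a hardened parser; ElementTree is used here only for illustration.
    root = ET.fromstring(xml_text)
    seen, recognized, unrecognized = set(), [], []
    for el in root.findall(f"{{{SAML}}}Attribute"):
        key = attribute_key(el)
        if key in seen:
            raise ValueError(f"attribute named twice in query: {key}")
        seen.add(key)
        (recognized if key in configured else unrecognized).append(key)
    return recognized, unrecognized


def make_query(*attrs):
    # Constructed sample input: (Name, NameFormat-or-None) pairs.
    body = "".join(
        f'<saml:Attribute Name="{n}"' + (f' NameFormat="{f}"' if f else "") + "/>"
        for n, f in attrs
    )
    return (f'<samlp:AttributeQuery xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}">'
            f"{body}</samlp:AttributeQuery>")


if __name__ == "__main__":
    q = make_query(("mail", None))
    print(classify_query(q, {("mail", URI)}))          # configured for uri only
    print(classify_query(q, {("mail", UNSPECIFIED)}))  # configured for unspecified
```

Note that an explicit `NameFormat` of unspecified and an omitted `NameFormat` produce the same key, so a query naming `mail` both ways is rejected as a duplicate.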