[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] Attribute equality during AttributeQuery
On 8/29/14, 8:32 AM, "Peter Major" <peter.major@forgerock.com> wrote: >> Speaking as an implementer, you ignore the concept of profiles and >> strictly enforce equality on both fields, or possibly treat unspecified >>as >> a wildcard that treats Name as the only comparator. > >I think this is a defendable way to interpret the spec, as it shows >similarity to the way how NameID-Formats are handled (SAML Core 3.4.1.1): >"If the Format value is omitted or set to >urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified, then the identity >provider is free to return any kind of identifier, subject to any >additional constraints due to the content of this element or the >policies of the identity provider or principal." That, and I think you give up any pretense at interop by using "unspecified". So really any interpretation of it is fine. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]