Subject: RE: composition of AssertionID (Issue: DS-4-04: URIs for AssertionIDs)
People can try to do what they like with a URI. People made the same argument about the schema identifier URIs and the censorship scheme URI in PICs. There was no difficulty in either case.

The reason for using a URI is that it allows the issuer to tie the assertions in to the backend processing infrastructure of their choice. They are not required to make the assertions locatable but MAY choose to do so. They MAY choose to issue identifiers that have internal structure, they MAY use random strings.

The back end processing is out of scope for SAML; the use cases and requirements considered it out of scope. Therefore SAML should not attempt to impose restrictions on the structure of the identifiers since these would be arbitrary.

Phill

Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227

> -----Original Message-----
> From: Eve L. Maler [mailto:eve.maler@east.sun.com]
> Sent: Friday, June 08, 2001 2:22 PM
> To: security-services@lists.oasis-open.org
> Subject: RE: composition of AssertionID (Issue: DS-4-04: URIs for
> AssertionIDs)
>
> At 02:09 PM 6/8/01 -0400, Hal Lockhart wrote:
> >I assume you mean retrieving an assertion by dereferencing the URI.
>
> Yes.
>
> >We certainly want to be able to request "the assertion with the ID of X"
> >whether or not X is a URI. That's what started this discussion.
>
> If X looks like a URI (particularly an http-scheme one), people *will* try
> to dereference it. Cf. XML namespaces. So if we intend it *not* to be an
> "address" as well as an "identifier," we should not use URIs for it.
>
> Eve
> --
> Eve Maler +1 781 442 3190
> Sun Microsystems XML Technology Development eve.maler @ east.sun.com