OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: [security-services] The multiple subject issue

Hi Phillip and others,

 yes this proposed XML Schema makes perfect sense, but in the SAML
version 25, the schema looks like this:

  <complexType name="SubjectType">
  <choice maxOccurs="unbounded">
  <sequence>
  <element ref="saml:NameIdentifier"/>
  <element ref="saml:SubjectConfirmation" minOccurs="0"/>
  </sequence>
 <element ref="saml:SubjectConfirmation"/>
  </choice>
  </complexType>

 By dropping the maxOccurs attribute in the first choice element, there
is no confusion at all.

 Sincerely,

 Jan Alexander
 WASP Server Project Leader, Systinet (formerly Idoox)
 http://www.systinet.com


> ----- Original Message -----
> From: "Hallam-Baker, Phillip" <pbaker@verisign.com>
> Cc: "Security-Services (E-mail)"
> <security-services@lists.oasis-open.org>
> Sent: Wednesday, 30 January, 2002 20:00
> Subject: [security-services] The multiple subject issue
>
>
> > To try to clarify this issue, here is the schema as ammended during
> the con
> > call 2 weeks ago:
> >
> >
> > <element name="SubjectStatement"
> > type="saml:SubjectStatementAbstractType"/>
> > <complexType name="SubjectStatementAbstractType" abstract="true">
> > <complexContent>
> > <extension base="saml:StatementAbstractType">
> > <sequence>
> > <element ref="saml:Subject"/>
> > </sequence>
> > </extension>
> > </complexContent>
> > </complexType>
> >
> > <element name="Subject" type="saml:SubjectType"/>
> > <complexType name="SubjectType">
> > <choice>
> > <sequence>
> > <element ref="saml:NameIdentifier"/>
> > <element ref="saml:SubjectConfirmation"
> > minOccurs="0"/>
> > </sequence>
> > <element ref="saml:SubjectConfirmation"/>
> > </choice>
> > </complexType>
> >
> >
> > A statement can have exactly ONE subject that may be desribed by a
> Name
> > Identifier alone, OR a Name Identifier and subject confirmation OR a
> subject
> > confirmation alone.
> >
> > In the case of a name alone the subject confirmation is presumably
out
> of
> > scope, quite likely in an attribute statement.
> >
> > In the case of subject confirmation alone the name may well be
> irrelevant.
> >
> >
> > Phill
> >
> > Phillip Hallam-Baker FBCS C.Eng.
> > Principal Scientist
> > VeriSign Inc.
> > pbaker@verisign.com
> > 781 245 6996 x227
> >
> > >
> >
> >
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC