

Subject: [security-services] Proposed text for NameIdentifier (re-spun)


2.4.2.2 Element <NameIdentifier>
 
The <NameIdentifier> element specifies a subject by a combination of a name, a format and a
security domain. It has the following attributes:
 
 
NameQualifier [Optional]
         The security or administrative domain that qualifies the name of the subject.
 
Format [Optional]
         The syntax used to describe the name of the subject.
 
Format values are URIs. The following standard values are defined as URI fragment
identifiers. The base for these identifiers is the SAML assertion namespace URI.
 
#emailAddress:
 
       Indicates that the value of the Name element MUST be an email address.
       The format of an email address is an "addr-spec" as defined in RFC 2822 [RFC 2822].
       An addr-spec has the form "local-part@domain". Note that an addr-spec
       has no phrase (such as a common name) before it, has no comment (text
       surrounded in parentheses) after it, and is not surrounded by "<" and
       ">".
 
#X509SubjectName:
 
      Indicates that the value of the Name element MUST take the form specified for the 
      contents of <ds:X509SubjectName> element in [DSIG]. Implementors should
      note that [DSIG] specifies encoding rules for X.509 subject names
      that differ from the rules given in RFC2253 [RFC2253].
 
#WindowsNTQualifiedName:
      Indicates that the value of the Name element MUST be a Windows NT qualified name.
      A Windows NT qualified user name is a string of the form "NTDomainName\UserName".
      The domain name and "\" separator may be omitted.
 
The following schema fragment defines the <NameIdentifier> element and its NameIdentifierType
complex type:
 
<element name="NameIdentifier" type="saml:NameIdentifierType"/>
<complexType name="NameIdentifierType">
    <simpleContent>
        <extension base="string">
            <attribute name="NameQualifier" type="string" use="optional"/>
            <attribute name="Format" type="anyURI" use="optional"/>
        </extension>
    </simpleContent>
</complexType>
 
 
The interpretation of the security domain and the name are left to individual implementations,
including issues of anonymity, pseudonymity, and the persistence of the identifier
with respect to the asserting and relying parties. The NameQualifier attribute provides
a means to federate names from disparate user stores without collision.  
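
The following is an added example, not part of the original message or of any SAML implementation: a relying-party check that a <NameIdentifier> value matches the syntax its Format attribute claims, for the #emailAddress and #WindowsNTQualifiedName values described above. The namespace URI, the function names and the sample values are assumptions made for illustration; the e-mail check covers only the dot-atom subset of addr-spec, and #X509SubjectName is rejected because no validator for it is included.

```python
import re
import xml.etree.ElementTree as ET

# Placeholder (assumption): the message does not spell out the SAML assertion
# namespace URI, so substitute the real one before use.
SAML_NS = "urn:example:saml-assertion"

_ATOM = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
CHECKS = {
    # dot-atom subset of the RFC 2822 addr-spec: no phrase, comment or "<" ">"
    "emailAddress": re.compile(rf"{_ATOM}(?:\.{_ATOM})*@{_ATOM}(?:\.{_ATOM})*"),
    # "NTDomainName\UserName"; the domain and "\" separator may be omitted
    "WindowsNTQualifiedName": re.compile(r"(?:[^\\]+\\)?[^\\]+"),
}

def make_name_identifier(value, fragment=None, qualifier=None, ns=SAML_NS):
    """Serialize a constructed <NameIdentifier> sample for the checks below."""
    elem = ET.Element(f"{{{ns}}}NameIdentifier")
    elem.text = value
    if fragment is not None:
        elem.set("Format", f"{ns}#{fragment}")
    if qualifier is not None:
        elem.set("NameQualifier", qualifier)
    return ET.tostring(elem, encoding="unicode")

def check_name_identifier(xml_text, ns=SAML_NS):
    """Return (ok, reason) for one serialized <NameIdentifier> element."""
    # ElementTree is fine for these constructed samples; parse untrusted
    # assertions with a hardened XML parser.
    elem = ET.fromstring(xml_text)
    if elem.tag != f"{{{ns}}}NameIdentifier":
        return False, "not a NameIdentifier element"
    fmt = elem.get("Format")
    if fmt is None:
        return True, "no Format: syntax left to the implementation"
    base, _, fragment = fmt.partition("#")
    pattern = CHECKS.get(fragment) if base == ns else None
    if pattern is None:
        return False, f"no validator for Format {fmt!r}"  # fail closed
    if pattern.fullmatch(elem.text or "") is None:
        return False, f"value is not a valid {fragment}"
    return True, fragment

if __name__ == "__main__":
    for value, frag in [("alice@example.com", "emailAddress"),
                        ("Alice <alice@example.com>", "emailAddress"),
                        (r"CORP\alice", "WindowsNTQualifiedName"),
                        (r"CORP\eng\alice", "WindowsNTQualifiedName")]:
        print(value, "->", check_name_identifier(make_name_identifier(value, frag)))
```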

