OASIS Mailing List Archives

security-services message

Subject: Re: [security-services] Proposed text for NameIdentifier (re-spun)



Looks perfect to me.
Stephen.

> "Mishra, Prateek" wrote:
> 
> 2.4.2.2 Element <NameIdentifier>
> 
> The <NameIdentifier> element specifies a subject by a combination of a name, a format and a
> security domain. It has the following attributes:
> 
> 
> NameQualifier [Optional]
>          The security or administrative domain that qualifies the name of the subject.
> 
> Format [Optional]
>          The syntax used to describe the name of the subject.
> 
> Format values are URIs. The following standard values are defined as URI fragment
> identifiers. The base for these identifiers is the SAML assertion namespace URI.
> 
> #emailAddress:
> 
>        Indicates that the value of the Name element MUST be an email address.
>        The format of an email address is an "addr-spec" as defined in RFC 2822 [RFC 2822].
>        An addr-spec has the form "local-part@domain". Note that an addr-spec
>        has no phrase (such as a common name) before it, has no comment (text
>        surrounded in parentheses) after it, and is not surrounded by "<" and
>        ">".
> 
> #X509SubjectName:
> 
>       Indicates that the value of the Name element MUST take the form specified for the
>       contents of <ds:X509SubjectName> element in [DSIG]. Implementors should
>       note that [DSIG] specifies encoding rules for X.509 subject names
>       that differ from the rules given in RFC2253 [RFC2253].
> 
> #WindowsNTQualifiedName:
>       Indicates that the value of the Name element MUST be a Windows NT qualified name.
>       A Windows NT qualified user name is a string of the form "NTDomainName\UserName".
>       The domain name and "\" separator may be omitted.
> 
> The following schema fragment defines the <NameIdentifier> element and its NameIdentifierType
> complex type:
> 
> <element name="NameIdentifier" type="saml:NameIdentifierType"/>
> <complexType name="NameIdentifierType">
>     <simpleContent>
>         <extension base="string">
>             <attribute name="NameQualifier" type="string" use="optional"/>
>             <attribute name="Format" type="anyURI" use="optional"/>
>         </extension>
>     </simpleContent>
> </complexType>
> 
> 
> The interpretation of the security domain and the name are left to individual implementations,
> including issues of anonymity, pseudonymity, and the persistence of the identifier
> with respect to the asserting and relying parties. The NameQualifier attribute provides
> a means to federate names from disparate user stores without collision.

-- 
____________________________________________________________
Stephen Farrell
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,                     fax: +353 1 881 7000
Dublin 8.                mailto:stephen.farrell@baltimore.ie
Ireland                             http://www.baltimore.com
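As an added example, not part of this thread and not code from any SAML implementation: a relying-party-side check of the proposed element in Python. It parses one <NameIdentifier>, validates the Name against whichever of the three standard Format values is declared (bare RFC 2822 addr-spec, X.509 subject name, "NTDomainName\UserName" with the domain optional), passes any other Format through as an opaque string, and keys the subject on the (NameQualifier, Format, Name) triple so that equal names from different user stores do not collide. The quoted text says the Format fragments hang off "the SAML assertion namespace URI" without spelling it out; the SAML 1.0 URI `urn:oasis:names:tc:SAML:1.0:assertion` is assumed here, and every sample element is constructed for the example.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: the proposal says the Format values are fragments on the SAML
# assertion namespace URI but does not state it; the SAML 1.0 URI is used here.
SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
FMT_EMAIL = SAML_NS + "#emailAddress"
FMT_X509 = SAML_NS + "#X509SubjectName"
FMT_NT = SAML_NS + "#WindowsNTQualifiedName"


class NameIdentifierError(ValueError):
    """The Name does not satisfy its declared Format (or the element is malformed)."""


# Bare addr-spec "local-part@domain" built from dot-atoms: a phrase, a parenthesised
# comment, whitespace or angle brackets all fail.  Stricter than full RFC 2822
# (no quoted local parts, no domain literals), the right bias for a relying party.
_ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
_ADDR_SPEC = re.compile(rf"^{_ATEXT}(?:\.{_ATEXT})*@{_ATEXT}(?:\.{_ATEXT})*$")

# "NTDomainName\UserName" with the domain part optional: at most one backslash,
# and none of the characters Windows forbids in account names.
_NT_NAME = re.compile(r'^(?:([^\\/:*?"<>|]+)\\)?([^\\/:*?"<>|]+)$')

# Sanity check for an RFC 2253-style DN: "type=value" RDNs separated by unescaped
# commas.  Not a full DN parser, so it does not enforce the [DSIG] encoding rules.
_RDN = re.compile(r"^\s*[A-Za-z0-9.]+=.+$")


def check_email(name):
    if not _ADDR_SPEC.match(name):
        raise NameIdentifierError(f"not a bare addr-spec: {name!r}")
    return name


def check_x509_subject(name):
    rdns = re.split(r"(?<!\\),", name)
    if not all(_RDN.match(r) for r in rdns):
        raise NameIdentifierError(f"not an X.509 subject name: {name!r}")
    return name


def split_nt_name(name):
    """Return (domain or None, user) for a Windows NT qualified name."""
    m = _NT_NAME.match(name)
    if not m:
        raise NameIdentifierError(f"not a Windows NT qualified name: {name!r}")
    return m.group(1), m.group(2)


VALIDATORS = {FMT_EMAIL: check_email, FMT_X509: check_x509_subject, FMT_NT: split_nt_name}


def parse_name_identifier(xml_text):
    """Parse one <saml:NameIdentifier>; return (NameQualifier, Format, Name).

    Only the three standard Formats are syntax-checked; any other Format URI is
    legal under the proposal and its Name is passed through as an opaque string.
    """
    el = ET.fromstring(xml_text)
    if el.tag != "{%s}NameIdentifier" % SAML_NS:
        raise NameIdentifierError(f"unexpected element {el.tag!r}")
    name = (el.text or "").strip()
    if not name:
        raise NameIdentifierError("empty Name")
    fmt = el.get("Format")
    if fmt in VALIDATORS:
        VALIDATORS[fmt](name)
    return el.get("NameQualifier"), fmt, name


def is_valid(xml_text):
    try:
        parse_name_identifier(xml_text)
        return True
    except (NameIdentifierError, ET.ParseError):
        return False


def subject_key(qualifier, fmt, name):
    """Lookup key for a subject: the same Name under two NameQualifiers (or two
    Formats) names two different subjects, which is what lets disparate user
    stores be federated without collision."""
    return (qualifier or "", fmt or "", name)


def _nid(body, fmt=None, qualifier=None):
    """Build a constructed sample element (test data, not from any real assertion)."""
    attrs = f' xmlns:saml="{SAML_NS}"'
    if qualifier:
        attrs += f' NameQualifier="{qualifier}"'
    if fmt:
        attrs += f' Format="{fmt}"'
    return f"<saml:NameIdentifier{attrs}>{body}</saml:NameIdentifier>"


SAMPLES = {  # constructed inputs
    "email": _nid("alice@example.com", FMT_EMAIL, "example.com"),
    "email_phrase": _nid("Alice &lt;alice@example.com&gt;", FMT_EMAIL, "example.com"),
    "email_comment": _nid("alice@example.com (Alice)", FMT_EMAIL, "example.com"),
    "nt": _nid("CORP\\alice", FMT_NT, "CORP"),
    "nt_bare": _nid("alice", FMT_NT),
    "nt_bad": _nid("CORP\\alice\\extra", FMT_NT),
    "x509": _nid("CN=Alice Example,O=Example Corp,C=IE", FMT_X509),
    "x509_bad": _nid("alice", FMT_X509),
    "opaque": _nid("opaque-id-123", "urn:example:custom-format"),
    "wrong_ns": '<NameIdentifier Format="%s">alice@example.com</NameIdentifier>' % FMT_EMAIL,
}

if __name__ == "__main__":
    for label, xml_text in SAMPLES.items():
        print(f"{label:14} valid={is_valid(xml_text)}")
```

Two design points worth noting. First, the email check deliberately rejects anything that is not a bare addr-spec, which is exactly the restriction the proposal spells out (no phrase, no comment, no angle brackets); a relying party that accepts "Alice <alice@example.com>" and compares it to "alice@example.com" will treat one subject as two. Second, an unrecognised Format is accepted here and its Name treated as opaque, because Format values are open-ended URIs; a deployment that only federates the three standard Formats should instead reject unknown ones outright.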

