Subject: Re: [security-services] Proposed text for NameIdentifier (re-spun)
Looks perfect to me.

Stephen.

> "Mishra, Prateek" wrote:
>
> 2.4.2.2 Element <NameIdentifier>
>
> The <NameIdentifier> element specifies a subject by a combination of a name, a format and a
> security domain. It has the following attributes:
>
> NameQualifier [Optional]
> The security or administrative domain that qualifies the name of the subject.
>
> Format [Optional]
> The syntax used to describe the name of the subject.
>
> Format values are URIs. The following standard values are defined as URI fragment
> identifiers. The base for these identifiers is the SAML assertion namespace URI.
>
> #emailAddress:
>
> Indicates that the value of the Name element MUST be an email address.
> The format of an email address is an "addr-spec" as defined in RFC 2822 [RFC 2822].
> An addr-spec has the form "local-part@domain". Note that an addr-spec
> has no phrase (such as a common name) before it, has no comment (text
> surrounded in parentheses) after it, and is not surrounded by "<" and
> ">".
>
> #X509SubjectName:
>
> Indicates that the value of the Name element MUST take the form specified for the
> contents of the <ds:X509SubjectName> element in [DSIG]. Implementors should
> note that [DSIG] specifies encoding rules for X.509 subject names
> that differ from the rules given in RFC2253 [RFC2253].
>
> #WindowsNTQualifiedName:
> Indicates that the value of the Name element MUST be a Windows NT qualified name.
> A Windows NT qualified user name is a string of the form "NTDomainName\UserName".
> The domain name and "\" separator may be omitted.
>
> The following schema fragment defines the <NameIdentifier> element and its NameIdentifierType
> complex type:
>
> <element name="NameIdentifier" type="saml:NameIdentifierType"/>
> <complexType name="NameIdentifierType">
>   <xsd:simpleContent>
>     <xsd:extension base="xsd:string">
>       <attribute name="NameQualifier" type="string" use="optional"/>
>       <attribute name="Format" type="anyURI" use="optional"/>
>     </xsd:extension>
>   </xsd:simpleContent>
> </complexType>
>
> The interpretation of the security domain and the name are left to individual implementations,
> including issues of anonymity, pseudonymity, and the persistence of the identifier
> with respect to the asserting and relying parties. The NameQualifier attribute provides
> a means to federate names from disparate user stores without collision.

--
____________________________________________________________
Stephen Farrell
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,                     fax: +353 1 881 7000
Dublin 8.                mailto:stephen.farrell@baltimore.ie
Ireland                             http://www.baltimore.com
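
A relying-party check for the proposed text above, as an added example that is not part of the original message or of any SAML implementation: it parses a <NameIdentifier>, enforces the #emailAddress and #WindowsNTQualifiedName syntax, and returns the (NameQualifier, Format, name) triple so that equal names from different domains stay distinct. The namespace URI is a placeholder because the message does not give it, the addr-spec pattern is a simplified dot-atom form, #X509SubjectName is not implemented and is rejected as unsupported, and the helper names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Placeholder: the message does not state the SAML assertion namespace URI.
SAML_NS = "urn:example:saml-assertion"

# Simplified addr-spec: dot-atom "local-part@domain" only. RFC 2822 quoted
# local parts and domain literals are rejected by this sketch.
_ATOM = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
_DOT_ATOM = _ATOM + r"(?:\." + _ATOM + r")*"
FORMAT_CHECKS = {
    SAML_NS + "#emailAddress": re.compile(_DOT_ATOM + "@" + _DOT_ATOM),
    # Optional "NTDomainName\" prefix, then a user name without a backslash.
    SAML_NS + "#WindowsNTQualifiedName": re.compile(r"(?:[^\\]+\\)?[^\\]+"),
}

def parse_name_identifier(xml_text):
    """Return the (NameQualifier, Format, name) triple, or raise ValueError."""
    try:
        elem = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError("not well-formed XML") from exc
    if elem.tag != "{%s}NameIdentifier" % SAML_NS:
        raise ValueError("not a NameIdentifier element")
    name = elem.text or ""
    fmt = elem.get("Format")                # optional attribute
    qualifier = elem.get("NameQualifier")   # optional attribute
    if not name:
        raise ValueError("empty name")
    if fmt is not None:
        check = FORMAT_CHECKS.get(fmt)
        if check is None:                   # fail closed on unknown formats
            raise ValueError("unsupported Format: " + fmt)
        if not check.fullmatch(name):
            raise ValueError("name does not match Format " + fmt)
    # Key accounts on the whole triple, never on the bare name.
    return (qualifier, fmt, name)

def sample(name, fmt=None, qualifier=None):
    """Build a constructed <NameIdentifier> document for the demo."""
    elem = ET.Element("{%s}NameIdentifier" % SAML_NS)
    elem.text = name
    if fmt:
        elem.set("Format", SAML_NS + fmt)
    if qualifier:
        elem.set("NameQualifier", qualifier)
    return ET.tostring(elem, encoding="unicode")

if __name__ == "__main__":
    doc = sample("alice@example.com", "#emailAddress", "idp-a.example")
    print(parse_name_identifier(doc))
```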