[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [security-services] Tentative preliminary draft proposed text forISSUE: AuthorityKin d and RespondWith
OK the change has been applied Phillip Hallam-Baker FBCS C.Eng. Principal Scientist VeriSign Inc. pbaker@verisign.com 781 245 6996 x227 > -----Original Message----- > From: Irving Reid [mailto:Irving.Reid@baltimore.com] > Sent: Friday, March 15, 2002 2:24 AM > To: 'security-services@lists.oasis-open.org' > Subject: [security-services] Tentative preliminary draft proposed text > for ISSUE: AuthorityKin d and RespondWith > > > Since nobody picked up the gauntlet I threw down in > http://lists.oasis-open.org/archives/security-services/200203/ > msg00069.html, > I'm going to assume we have consensus for the option that > makes the least > changes to the spec. That is, we continue to have the subtle > difference > between AuthorityKind, which specifies the sorts of > samlp:Query an authority > will answer, and RespondWith, which specifies the kind of > saml:Statement a > requester wants to see. > > Given that, here are the changes to switch both of these over > to XML qnames. > Line numbers are relative to the core-27 PDF with change bars > removed (the > one currently published on the web page). > > > Lines 723-728: > AuthorityKind [Required] > The type of SAML Protocol queries to which the authority > described by > this element will respond. The value is specified as an XML > Schema QName. > The acceptable values for AuthorityKind are the > namespace-qualified names of > element types or elements derived from the SAML Protocol > Query element (see > Section 3.3. Queries). For example, an attribute authority would be > identified by AuthorityKind="samlp:AttributeQuery". For > extension schemas, > where the actual type of the samlp:Query would be identified > by an xsi:type > attribute, the value of AuthorityKind MUST be the same as the > value of the > xsi:type attribute for the corresponding query. > > Lines 740-741: <attribute name="AuthorityKind" type="QName" > use="Required"/> > > Lines 745-751: delete > > > Lines 971-1001 (Section 3.2.1.1): Replace entirely with: > > Section 3.2.1.1. Element <RespondWith> > > The <RespondWith> element specifies the type of Statement the > requestor > wants from the responder. Multiple <RespondWith> elements MAY > be included to > indicate that the requestor will accept assertions containing > any of the > specified types. If no <RespondWith> element is given, the > responder may > return assertions containing statements of any type. > > If the requestor sends one or more <RespondWith> elements, > the responder > MUST NOT respond with assertions containing statements of any type not > specified in one of the <RespondWith> elements. > > (Include lines 986-988, Note: ... here) > > RespondWith element values are XML QNames. The XML namespace and name > specifically refer to the namespace and element name of the Statement > element, exactly as for the saml:AuthorityKind attribute; see section > 2.4.3.2. For example, a requestor that wishes to receive assertions > containing only attribute statements must specify > <RespondWith>saml:AttributeStatement</RespondWith>. To > specify extension > types, the RespondWith element MUST contain exactly the > extension element > type as specified in the xsi:type attribute on the > corresponding element. > > The following schema fragment defines the RespondWith element: > <element name="RespondWith" type="QName"/> > > > - irving - > > > -------------------------------------------------------------- > --------------------------------------------------- > The information contained in this message is confidential and > is intended > for the addressee(s) only. If you have received this message > in error or > there are any problems please notify the originator immediately. The > unauthorized use, disclosure, copying or alteration of this > message is > strictly forbidden. Baltimore Technologies plc will not be > liable for direct, > special, indirect or consequential damages arising from > alteration of the > contents of this message by a third party or as a result of > any virus being > passed on. > > > This footnote confirms that this email message has been swept by > Baltimore MIMEsweeper for Content Security threats, including > computer viruses. > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl> >
Phillip Hallam-Baker (E-mail).vcf
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC