[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [security-services] FW: Request: Modify schema to support SAMLattribute query retur n of ALL attributes within an attribute namespace
Resending to general TC list. As I recall we discussed this topic, but with the request for a namespace... - joe -----Original Message----- From: Edwards, Thomas J (Tom) [mailto:tjedwards@avaya.com] Sent: Tuesday, August 13, 2002 3:14 AM To: security-editors@lists.oasis-open.org Cc: eve.maler@sun.com; cantor.2@osu.edu Subject: Request: Modify schema to support SAML attribute query return of ALL attributes within an attribute namespace I would like this request to be considered in the next draft. The basic request is to modify the schema to support a SAML attribute query to return ALL attributes within an attribute namespace. Currently, one can request ALL attributes by not including an attributeDesignator. But then the relying party cannot specify a namespace for the attributes to be returned. Some details are provided in the following e-mail stream. Thanks for your consideration of this request, Tom Thomas J. Edwards Consulting Member of Tech Staff AVAYA Inc 6464 185th Ave NE Redmond, WA 98052 Tel: 425-558-8140 e-mail: tjedwards@avaya.com -----Original Message----- From: Eve L. Maler [mailto:eve.maler@sun.com] Sent: Thursday, August 08, 2002 7:08 AM To: Edwards, Thomas J (Tom) Cc: cantor.2@osu.edu Subject: Re: SAML: how does SAML attribute query return ALL attributes withinan attribute namespace? Hello Tom, I don't believe there's any way currently to query for just the attributes in a particular attribute namespace. This would be a reasonable RFE, though; I suggest that you send mail to the security-services-comment list to request it if that's what you want to do. Regards, Eve Edwards, Thomas J (Tom) wrote: > Scott and Eve, > > I would appreciate your help in understanding how does SAML support the > return of all attributes within a namespace. > > I have reviewed the working group minutes looking for an answer to the > above where all attributes are to be returned for a attributeNamespace. > However, I believe the only method to return all attributes currently is > to specify no attributes; in which case, one cannot specify the > attributeNamespace. > > "<AttributeDesignator> [Any Number] (see Section 2.4.5.1) > Each <AttributeDesignator> element specifies an attribute whose value is > to be returned. If > no attributes are specified, it indicates that all attributes allowed by > policy are requested." > > > There are some options described such as returning all attributes for a > resource, but this is not limiting to a namespace. > > "The <Resource> attribute specifies the URI of a resource which is > relevant to the request for attributes. If present, the responding > entity MAY use the information in determining the set of attributes to > return to the requesting entity." > > Another way -_ though I am pretty certain this is not really > recommended_, is to use the NameQualifier. That is, an Asserting Party > may or may not support this notion. > > > "Should the core schema specify a way to express an attributes scope, or > should this be left as a part of the structure of the attribute? Scope > has essentially the same meaning as security domain? > > Status: Closed by vote on Jan 29, 2002. Attribute scope must be > specified as a part of the attribute structure.* (Note however that > Subject NameIdentifier has a specific SecurityDomain element that > roughly corresponds to the notion of attribute scope for the subject > name attribute.)* Note that this is not the same as Attribute Namespace. > This is discussed here." > > Your help would be appreciated, > > Tom > > > Tom Edwards, CMTS > *AVAYA Inc* > 6464 185th Ave NE > Redmond, WA 98052 > Tel: 425-558-8140 > e-mail: tjedwards@avaya.com > > > > > > -- Eve Maler +1 781 442 3190 Sun Microsystems cell +1 781 883 5917 XML Web Services / Industry Initiatives eve.maler @ sun.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC