OASIS Mailing List Archives

security-services message



Subject: Eve's proposed AuthorityKind wording


========
Original wording (as of core-05: lines 738-747)

AuthorityKind [Required]
The type of SAML protocol queries to which the authority described by 
this element will respond. The value is specified as an XML Schema 
QName. The acceptable values for AuthorityKind are the 
namespace-qualified names of element types or elements derived from the 
SAML protocol Query element (see Section 3.3). For example, an attribute 
authority would be identified by AuthorityKind="samlp:AttributeQuery", 
where there is a namespace declaration in the scope of this attribute 
that binds the samlp: prefix to the SAML protocol namespace. For 
extension schemas, where the actual type of the <samlp:Query> would be 
identified by an xsi:type attribute, the value of AuthorityKind MUST be 
the same as the value of the xsi:type attribute for the corresponding query.

========
Proposed wording, reflecting a pattern -- approximately what seemed to 
be specified in V1.0 -- of specifying the relevant SAML element's QName 
(where no extension has been made) or of specifying a complex type's 
QName (in the case of extension schemas):

[replacing lines 738-747]
AuthorityKind [Required]
The type of SAML protocol queries to which the authority described by 
this element will respond. The value is specified as an XML Schema 
QName.  The AuthorityKind value is either the QName of the desired SAML 
protocol query element or, in the case of an extension schema, the name 
of the SAML QueryType complex type or some extension type that was 
derived from it.  In the case of an extension schema, the authority will 
respond to all query elements of the specified type.

For example, an attribute authority would be identified by 
AuthorityKind="samlp:AttributeQuery", where there is a namespace 
declaration in the scope of this attribute that binds the samlp: prefix 
to the SAML protocol namespace.

[Add to the end of the <AuthorityBinding> description (approximately 
line 737):] This attribute is deprecated; usage of this attribute SHOULD 
be avoided because it is planned to be removed in the next major version 
of SAML.

========
We unanimously agreed to this just now, in our 22 April telecon at 
12:50pm ET.

	Eve
-- 
Eve Maler                                        +1 781 442 3190
Sun Microsystems                            cell +1 781 354 9441
Web Technologies and Standards               eve.maler @ sun.com
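
Because AuthorityKind is a QName, a consumer has to compare its expanded name (namespace URI plus local name) using the namespace declarations in scope, not the literal string "samlp:AttributeQuery". The Python below is an added example, not part of the original message or of the SAML specification; the namespace URIs are the SAML 1.x ones, and the function names and sample Location are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET

# SAML 1.x namespace URIs (not quoted in the message itself).
SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
SAMLP_NS = "urn:oasis:names:tc:SAML:1.0:protocol"

def resolve_qname(value, scopes):
    """Expand a QName attribute value using the namespace bindings in scope."""
    if value is None:
        raise ValueError("AuthorityKind is required")
    prefix, sep, local = value.strip().partition(":")
    if not sep:                           # unprefixed: default namespace applies
        prefix, local = "", prefix
    for bound, uri in reversed(scopes):   # innermost declaration wins
        if bound == prefix:
            return (uri, local)
    if prefix:
        raise ValueError("unbound prefix %r" % prefix)
    return ("", local)

def authority_kinds(xml_text):
    """Return the expanded (namespace URI, local name) of every AuthorityKind."""
    scopes, declared, pending, kinds = [], [], 0, []
    source = io.BytesIO(xml_text.encode("utf-8"))
    for event, obj in ET.iterparse(source, events=("start-ns", "start", "end")):
        if event == "start-ns":           # reported before the declaring element
            scopes.append(obj)
            pending += 1
        elif event == "start":
            declared.append(pending)
            pending = 0
            if obj.tag == "{%s}AuthorityBinding" % SAML_NS:
                kinds.append(resolve_qname(obj.get("AuthorityKind"), scopes))
        else:                             # "end": drop this element's declarations
            del scopes[len(scopes) - declared.pop():]
    return kinds

def is_attribute_authority(kind):
    """True only when the expanded name is the SAML protocol AttributeQuery."""
    return kind == (SAMLP_NS, "AttributeQuery")

def sample(prefix, uri):
    """Constructed AuthorityBinding; the prefix and its binding vary per call."""
    return ('<saml:AuthorityBinding xmlns:saml="%s" xmlns:%s="%s" '
            'AuthorityKind="%s:AttributeQuery" '
            'Location="https://authority.example.org/saml" '
            'Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"/>'
            % (SAML_NS, prefix, uri, prefix))
```

A value written with the samlp: prefix bound to some other namespace is rejected by `is_attribute_authority`, while any prefix bound to the SAML protocol namespace is accepted.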
