Subject: Attribute Namespace usage
At the f2f, I agreed to further describe our use of attribute namespace on the list...
An Attribute Authority may need to look up attributes for a single Subject from multiple attribute sources (e.g. LDAP repository, SQL database, IAM system, flat file, etc.). Also, a relying party may need to store attributes it receives in an assertion from an attribute authority in multiple repositories. These attributes may be part of a pre-configured Web SSO assertion or provided in response to an AttributeQuery. The attribute's Namespace attribute provides a convenient scoping mechanism for associating a particular attribute with a specific repository.
In order for an attribute authority or a relying party to know which repository holds particular attributes, we make use of the attribute's Namespace attribute. So, for example, if an attribute authority supports retrieval of a Subject's inetorgperson attributes from an LDAP repository but application-specific attributes for the Subject must be obtained from a SQL database, the authority might support general attribute queries and determine which repository to probe based on the attribute namespaces. Continuing the example, the subject's homePhone attribute might be in the "http://www.acme.com/corporateLDAP" namespace while the subject's purchasing spending limit may be in the "http://www.acme.com/purchasingDB" namespace.
Rob Philpott
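Added example, not part of the original message or of any product's code: a minimal attribute authority that routes each requested attribute to a repository by its namespace, as the message describes. Because the namespace arrives in the query and selects the backend, the sketch matches it exactly against a fixed table and releases only attribute names listed for that namespace. The SAML 1.x `AttributeDesignator` syntax, the attribute name `spendingLimit`, the in-memory repositories and all sample values are assumptions.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"  # assumption: SAML 1.x syntax
LDAP_NS = "http://www.acme.com/corporateLDAP"   # namespaces from the message
PURCH_NS = "http://www.acme.com/purchasingDB"

# Constructed sample query, reduced to the elements relevant to routing.
SAMPLE_QUERY = f"""<samlp:AttributeQuery
    xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="{SAML}">
  <saml:Subject><saml:NameIdentifier>jdoe</saml:NameIdentifier></saml:Subject>
  <saml:AttributeDesignator AttributeName="homePhone" AttributeNamespace="{LDAP_NS}"/>
  <saml:AttributeDesignator AttributeName="spendingLimit" AttributeNamespace="{PURCH_NS}"/>
  <saml:AttributeDesignator AttributeName="homePhone" AttributeNamespace="http://www.acme.com/unknown"/>
  <saml:AttributeDesignator AttributeName="userPassword" AttributeNamespace="{LDAP_NS}"/>
</samlp:AttributeQuery>"""

# Hypothetical in-memory stand-ins for the LDAP directory and the SQL database.
LDAP_REPO = {"jdoe": {"homePhone": "+1 555 0100", "userPassword": "constructed-secret"}}
PURCH_REPO = {"jdoe": {"spendingLimit": "5000"}}

# namespace -> (repository, attribute names that may be released from it)
ROUTES = {
    LDAP_NS: (LDAP_REPO, {"homePhone"}),
    PURCH_NS: (PURCH_REPO, {"spendingLimit"}),
}

def resolve(query_xml):
    """Return (released, refused) for one AttributeQuery document."""
    if "<!DOCTYPE" in query_xml:
        raise ValueError("DTDs are not accepted in SAML messages")
    root = ET.fromstring(query_xml)
    subject = root.findtext(f"{{{SAML}}}Subject/{{{SAML}}}NameIdentifier")
    released, refused = {}, []
    for des in root.iter(f"{{{SAML}}}AttributeDesignator"):
        ns, name = des.get("AttributeNamespace"), des.get("AttributeName")
        route = ROUTES.get(ns)  # exact match only, never prefix or substring
        if route is None or name not in route[1]:
            refused.append((ns, name))  # unknown namespace or unlisted attribute
            continue
        value = route[0].get(subject, {}).get(name)
        if value is not None:
            released[(ns, name)] = value
    return released, refused

if __name__ == "__main__":
    print(resolve(SAMPLE_QUERY))
```

The same table can drive the relying-party side, where the namespace on a received attribute decides which repository stores it.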