OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Moving subjects up to assertions (disregardfirst reply)

Sorry, belay that last post, I pulled out an earlier sketch I had done
before we settled on not having per-statement subject confirmation, so I was
down a different track there.

I suggest this instead:

<Statement> of StatementAbstractType (empty)
<SubjectStatement> SubjectStatementAbstractType (also empty)

SubjectStatementAbstractType does not derive from StatementAbstractType.

Then inside AssertionType:

	...usual assertion header, conditions, etc.
<choice>
	<sequence>
		<element ref="saml:Subject"/>
		<choice maxOccurs="unbounded">
			<element ref="saml:SubjectStatement">
			<element ref="saml:AttributeStatement">
			<element ref="saml:AuthnStatement">
			<element ref="saml:AuthzDecisionStatement">
		</choice>
	</sequence>
	<sequence>
		<element ref="saml:Statement" maxOccurs="unbounded"/>
	</sequence>
</choice>

<Subject> still has the current overall design, I assume, where you either
have an identifier plus zero or more confirmations OR you have just one or
more confirmations.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]