[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] XPath Attribute Profile
On Wed, 2005-06-01 at 14:55 -0400, Conor P. Cahill wrote: > > Conor P. Cahill wrote on 6/1/2005, 2:49 PM: > > > Cameron Morris wrote on 6/1/2005, 2:30 PM: > > > > > So you are also proposing that the attributes in a query can be xpath, > > > and the asserted attributes follow your proposal. Correct? > > > > Correct. > So in addition to the XPath attribute profile - used only for queries - you'd like something like an "XML document attribute profile" to define the attribute name as a document or document namespace - used for attribute statements in assertions. > PS. Note that there does not *have* to be a real query involved (e.g. > the IdP can have some out-of-band knowledge that the SP would want > some data returned and can return it as if the SP had queried it). > > Not that their can't be a query, just that there are situations > where there is not an explicit query and the IdP may return > such attributes in an AuthnResponse. In addition, the authnRequest will either reference an attribute consuming service index or the IDP could use the default attribute consuming service published in metadata for the SP. If xpath attributes are not used for assertions, I still assume that XPath attributes would apply to attribute consuming services. - Cameron
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]