OASIS Mailing List Archives

security-services message


Subject: RE: [security-services] LDAP Attribute Profile (saml-profiles-saml2.0)


> Ok, so unlike the Basic profile, where we have a profile-specific
> NameFormat,

I would argue that that's not the case in the Basic profile. The NameFormat
is not specific to that profile, IMHO. We may not have any others that use
it, but the NameFormat is consistently used across the spec as nothing but
an indication of what the Name is. It was explicitly *not* a profile
indicator.

> with the X.500/LDAP profile we're not flagging the use of
> the profile in-band (unless you count recognizing particular OIDs as
> being X.500/LDAP attributes). Instead, a deployment would need to
> configure each OID that it "knows" to use the X.500/LDAP profile for
> encoding/decoding.

That is my take, although of course I think profiles "stack" at times. As
with the XACML thing.

> Right. Of course, I can define my own OIDs and then those would have
> to be communicated out-of-band to my peers and configured accordingly
> before they could be processed.

Sure (assuming you own an OID arc), but that's all true of URI names anyway.
At least you won't collide with anybody else.

> Well, my point was that this is how the x500:Encoding="LDAP" XML
> attribute looked to me... but then I was looking for some way to
> detect the X.500/LDAP profile in-band. If you say that it can't be
> detected in-band (for any OID) then that's fine.

I think that's uniformly true of all the attribute profiles. We specifically
debated that question of signaling and deferred/punted on it.

-- Scott
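The point made above (no in-band signal selects the X.500/LDAP profile; the relying party's own configuration of "known" OIDs does), shown as an added example that is not code from the thread or from any SAML implementation. It assumes a hypothetical deployment that has configured only givenName (urn:oid:2.5.4.42) for the X.500/LDAP profile; the assertion fragment and the OID 1.3.6.1.4.1.99999.1 are constructed sample input.

```python
# Added example, not from the thread: a relying party decides from its own
# configuration, not from anything carried in the message, whether to apply
# the SAML 2.0 X.500/LDAP attribute profile to a received <saml:Attribute>.
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
X500_NS = "urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500"
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
BASIC_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"

# Constructed sample. Only the first OID is configured locally; the second
# carries the same in-band x500:Encoding marker but is unknown to us.
SAMPLE = f"""<saml:AttributeStatement xmlns:saml="{SAML_NS}" xmlns:x500="{X500_NS}">
  <saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="{URI_FORMAT}" FriendlyName="givenName">
    <saml:AttributeValue x500:Encoding="LDAP">Alice</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.99999.1" NameFormat="{URI_FORMAT}">
    <saml:AttributeValue x500:Encoding="LDAP">opaque</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="role" NameFormat="{BASIC_FORMAT}">
    <saml:AttributeValue>staff</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""

# Hypothetical deployment configuration: OIDs agreed out-of-band with peers
# to be processed under the X.500/LDAP profile.
CONFIGURED_LDAP_OIDS = {"urn:oid:2.5.4.42"}

def select_profile(name, name_format, configured):
    """NameFormat says only what kind of Name this is; the profile applied
    comes from local configuration. x500:Encoding is never consulted."""
    if name_format == URI_FORMAT and name.startswith("urn:oid:") and name in configured:
        return "x500-ldap"
    if name_format == BASIC_FORMAT:
        return "basic"
    return "unknown"

def resolve_attributes(xml_text, configured=CONFIGURED_LDAP_OIDS):
    """Map Name -> (profile, values). Unknown attributes are kept but flagged
    so callers do not treat sender-asserted encoding as trusted typing."""
    root = ET.fromstring(xml_text)
    out = {}
    for attr in root.findall(f"{{{SAML_NS}}}Attribute"):
        name = attr.get("Name")
        profile = select_profile(name, attr.get("NameFormat"), configured)
        values = [v.text or "" for v in attr.findall(f"{{{SAML_NS}}}AttributeValue")]
        out[name] = (profile, values)
    return out
```

The second attribute is left as "unknown" even though it carries x500:Encoding="LDAP", which is the configuration-driven behaviour the thread describes.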
