[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: AI 245
As documented in the minutes from that fateful day when I got my AI, there are two separate issues: 1) LDAP Attribute Profile, binary values saml-profiles-2.0-os.pdf line 1762 In describing the encoding for binary values, the LDAP profile text is ambiguous about whether the ASN.1 OCTET STRING wrapper should be included or not. The consensus on the call was that it should NOT be included. I propose the following change to the text: "... by base64-encoding [RFC2045] the encompassing ASN.1 OCTET STRING-encoded LDAP attribute value." -> "... by base64-encoding [RFC2045] the contents of the ASN.1 OCTET STRING-encoded LDAP attribute value (not including the ASN.1 OCTET STRING wrapper)." 2) Philosophical issue about attribute syntax Let me go on record (again) as saying that I'm not happy with this... but it's what we've got and we need to document it. "Note that nothing can be inferred from an Attribute's NameFormat about the syntax of it's attribute values. That is, attribute name formats may be re-used across multiple attribute profiles and so the use of a particular name format in an Attribute cannot be used to infer the use of a particular attribute profile. The implication of this is that deployments MUST agree out-of-band on which attribute profile to use for each attribute name (where an attribute name is identified by a unique combination of Name and NameFormat)." At a minimum, I think this should go in saml-core-2.0-os.pdf after line 1217. It may be worth repeating in the introduction to the SAML Attribute Profiles section in saml-profiles-2.0-os.pdf. -Greg |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]