[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: PE 49 suggestion
Long-standing AI to clean up text around Attribute NameFormat/Name, profiles, and how implementations should treat them. Greg originally suggested text for core at line 1217 in the section defining the <Attribute> element. It's currently in the errata document. A different spin follows, but it's essentially the same in spirit. "Attributes are identified/named by the combination of the NameFormat and Name XML attributes described above. Neither one in isolation can be assumed to be unique, but taken together, they ought to be unambiguous within a given deployment. The SAML profiles specification [SAMLProf] includes a number of attribute profiles designed to improve the interoperability of attribute usage in some identified scenarios. Such profiles typically include constraints on attribute naming and value syntax. There is no explicit indicator when an attribute profile is in use, and it is assumed that deployments can establish this out of band, based on the combination of NameFormat and Name." If others have suggestions, please make them. The goal here is to communicate to implementers that their logic must of necessity be based on Name + NameFormat, and any profile processing essentially has to be configured up front based on that combination. Which, BTW, is exactly how SAML 1.1 worked. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]