security-services message
Subject: Potential Erratum -- NameIDMappingResponse schema
- From: "Ari Kermaier" <ari.kermaier@oracle.com>
- To: "SSTC (E-mail)" <security-services@lists.oasis-open.org>
- Date: Thu, 26 Apr 2007 11:44:09 -0400
Alas, I've noticed what appears to be a problem with the SAML 2.0 Core spec for the NameIDMapping protocol. Section 3.8.2 [lines 2721-2724] defines the NameIDMappingResponseType as extending StatusResponseType with the addition of a choice of saml:NameID or saml:EncryptedID element. The schema does not indicate minOccurs="0", making exactly one of these elements required in any samlp:NameIDMappingResponse.

What is the response supposed to look like if an error Status is being returned? I would assume that the NameID/EncryptedID would have to be omitted, but the schema doesn't allow it.

::Ari

Ari Kermaier | Senior Development Manager | +1.212.520.7304
Oracle Server Technologies | Identity Management & Security
444 Madison Avenue, Suite 300 | New York, NY 10022
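
The constraint described in the message above, as an added example that is not part of the original post: a hand-written Python check of the NameIDMappingResponse content model (the StatusResponseType children followed by the NameID/EncryptedID choice), run on a constructed error response. The names `check_response` and `choice_min_occurs`, the sample issuer and the sample ID are assumptions for illustration; attributes are not checked.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Children inherited from StatusResponseType, in schema order: (tag, required)
BASE = [(f"{{{SAML}}}Issuer", False), (f"{{{DSIG}}}Signature", False),
        (f"{{{SAMLP}}}Extensions", False), (f"{{{SAMLP}}}Status", True)]
CHOICE = {f"{{{SAML}}}NameID", f"{{{SAML}}}EncryptedID"}

def check_response(xml_text, choice_min_occurs=1):
    """Return content-model violations for a samlp:NameIDMappingResponse.

    choice_min_occurs=1 models the schema as described in the message;
    choice_min_occurs=0 models a hypothetical relaxed schema (assumption).
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}NameIDMappingResponse":
        return ["root element is not samlp:NameIDMappingResponse"]
    children = [c.tag for c in root]
    errors, pos = [], 0
    for tag, required in BASE:
        if pos < len(children) and children[pos] == tag:
            pos += 1
        elif required:
            errors.append(f"missing required element {tag}")
    rest = children[pos:]
    ids = [t for t in rest if t in CHOICE]
    errors += [f"unexpected element {t}" for t in rest if t not in CHOICE]
    if len(ids) > 1:
        errors.append("more than one NameID/EncryptedID")
    elif len(ids) < choice_min_occurs:
        errors.append("NameID or EncryptedID is required by the schema")
    return errors

# Constructed sample: an error Status with the identifier omitted.
ERROR_RESPONSE = f"""<samlp:NameIDMappingResponse xmlns:samlp="{SAMLP}"
    xmlns:saml="{SAML}" ID="_constructed1" Version="2.0"
    IssueInstant="2007-04-26T15:44:09Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"/>
  </samlp:Status>
</samlp:NameIDMappingResponse>"""

if __name__ == "__main__":
    print("schema as described:", check_response(ERROR_RESPONSE))
    print("with minOccurs=0:   ", check_response(ERROR_RESPONSE, 0))
```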