Subject: RE: [security-services] Proposal: Query Extension for SAML AuthnReq
> I stand enlightened on this one. Yes, permitting multioccurrence
> of <RequestedAttribute> inside <authnRequest> seems like
> a good solution. This even parallels the <RequestedAuthnContext>
> nicely. The fact that <RequestedAttribute> is part of metadata
> schema is not a problem, I presume.

No, that's not a problem, but I'm generally wary of embedding a sequence of anything directly as an extension, so I anticipated people would want to define a wrapper element to carry them. The direct analogy to the protocol schema Extensions element is the SOAP Header, wherein you have to wrap your extensions in a header block.

It is admittedly a bit of work to define; a schema and additional namespace would be necessary as part of the extension profile. Annoying but probably worth the effort.

> Any opinions on the interim solution?

Probably we would need some normative language about whether to treat the extension as mandatory (meaning if you understand it, do you return an error if you can't satisfy the attribute request?). Currently the metadata equivalent is expressly optional to enforce.

-- Scott
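
The wrapper-in-Extensions design and the open "mandatory or optional" question discussed above, as an added example that is not part of the original message or of any SAML profile. The wrapper element `ext:RequestedAttributes`, its namespace `urn:example:hypothetical:reqattr`, the attribute names and the `enforce` switch are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ext": "urn:example:hypothetical:reqattr",  # assumed wrapper namespace
}

# Constructed sample request; ID, timestamp and attribute names are made up.
SAMPLE_REQUEST = """\
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ext="urn:example:hypothetical:reqattr"
    ID="_constructed1" Version="2.0" IssueInstant="2006-01-01T00:00:00Z">
  <samlp:Extensions>
    <ext:RequestedAttributes>
      <md:RequestedAttribute Name="urn:example:attr:mail" isRequired="true"/>
      <md:RequestedAttribute Name="urn:example:attr:displayName"/>
    </ext:RequestedAttributes>
  </samlp:Extensions>
</samlp:AuthnRequest>
"""

def requested_attributes(request_xml):
    """Return [(name, is_required)] from the wrapper inside samlp:Extensions."""
    root = ET.fromstring(request_xml)
    path = "samlp:Extensions/ext:RequestedAttributes/md:RequestedAttribute"
    out = []
    for el in root.findall(path, NS):
        # xs:boolean allows "true" and "1"; an absent isRequired means false.
        required = el.get("isRequired", "false") in ("true", "1")
        out.append((el.get("Name"), required))
    return out

def evaluate(request_xml, available, enforce):
    """Decide what to release; enforce=True is the 'mandatory' reading."""
    wanted = requested_attributes(request_xml)
    missing = [n for n, req in wanted if req and n not in available]
    if enforce and missing:
        # Mandatory reading: an unsatisfiable required attribute is an error.
        return ("error", missing)
    # Optional reading (like the metadata equivalent): release what exists.
    released = [n for n, _ in wanted if n in available]
    return ("ok", released)
```

With `enforce=False` the identity provider behaves as the metadata equivalent does today; with `enforce=True` it rejects a request whose required attributes it cannot supply.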