Re: [security-services] SAML Rev Idea: General Session Index

["Cantor, Scott" <cantor.2@osu.edu>]

On 1/16/12 9:55 AM, "Chad La Joie" <lajoie@itumi.biz> wrote:
>
>So, my question is, do we want to add an optional SessionIndex to the
><AttributeQuery> or, more generally to the SubjectQueryAbstractType or
>RequestAbstractType, in order to allow for, but not mandate, session
>correlation?

I think our general philosophy has been to avoid making changes to the
content models except through the defined extension points to prevent
opening a big debate about versioning.

Put another way, this doesn't have to wait for an update if it's done as
an extension, and then I think the question is, are there extensions that
we want to build into the specification rather than leave them in separate
documents, and what conformance rules should apply? Which is basically the
question I raised on the last call.

The downside is that we end up with some namespace proliferation, and I
don't disagree that that's annoying. One option is to recast extensions we
want to include in a new core namespace (we can't use the existing ones
because we defined Extensions to use an ##other wildcard).

-- Scott