Re: [security-services] On allowing multiple value types for an attribute

["Cantor, Scott" <cantor.2@osu.edu>]

On 10/29/14, 1:58 PM, "Mohammad Jafari" <mjafari@edmondsci.com> wrote:

>Additionally, the TC is inclined to allow, as a non-normative, using
>XML-encoded values for the same attribute. The format used for encoding
>the attribute will be determined based on the xsi:type on the
>AttributeValue.

There's definitely nothing in SAML itself to preclude that, though as a
matter of attribute design (something I'm fairly experienced in), I would
say it's non-optimial. Attributes should really have well-defined
characteristics that have as few variances as possible, and using separate
attribute names would be better.

In addition, there *is* a SAML requirement that for a given Attribute's
AttributeValues, there not be different xsi:types in different values at
the same time. I would guess that your proposal could violate that if it
were possible for your attribute to be multi-valued.

-- Scott