

Subject: RE: [security-services] On allowing multiple value types for an attribute


This is in Section 2.7.3. line 1168: 
"Assertions containing <AttributeStatement> elements MUST contain a <Subject> element."

I just noticed that the text (Section 2.4.1. line 651) says <NameID>, <BaseID> or <EncryptedID> are optional. 
However, the following schema fragment (line 668 onward) uses "choice" with no "minOccurs", which according to the XML Schema specs is interpreted as the default of 1. So contrary to the text above, the schema fragment says that there should be at least one occurrence of <NameID>, <BaseID> or <EncryptedID>. The SAML assertion schema says the same as the schema fragment.

This actually seems to be an inconsistency in the specs that I had not noticed before.

Regards,
--Mohammad


> -----Original Message-----
> From: Cantor, Scott [mailto:cantor.2@osu.edu]
> Sent: Wednesday, November 26, 2014 8:27 AM
> To: Mohammad Jafari; security-services@lists.oasis-open.org
> Cc: hal.lockhart@oracle.com
> Subject: Re: [security-services] On allowing multiple value types for an
> attribute
> 
> On 11/26/14, 3:19 AM, "Mohammad Jafari" <mjafari@edmondsci.com> wrote:
> >I checked the specs and it seems that although saml:Subject is
> >optional, it is mandatory when saml:AttributeStatement is present.
> 
> In what specs? Certainly not in SAML 2.0, unless I'm misremembering. Even
> where Subject might be present, NameID is always optional anyway.
> 
> -- Scott
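
Added example, not part of the original message or of the SAML specification: a small Python check of the XML Schema rule discussed above, that a particle without "minOccurs" defaults to 1. The three content models are constructed for illustration (the "ex:Other" element is hypothetical) and are not copied from the SAML schema; the last one goes beyond the message to show that an enclosing choice also affects the result.

```python
import xml.etree.ElementTree as ET

XS = "{http://www.w3.org/2001/XMLSchema}"
IDS = {"NameID", "BaseID", "EncryptedID"}
PARTICLES = (XS + "element", XS + "sequence", XS + "choice")

def min_ids(particle):
    """Fewest identifier elements a valid instance of this particle can hold."""
    # XML Schema: an absent minOccurs attribute means minOccurs="1".
    lo = int(particle.get("minOccurs", "1"))
    if particle.tag == XS + "element":
        name = particle.get("ref", particle.get("name", "")).split(":")[-1]
        return lo if name in IDS else 0
    kids = [min_ids(k) for k in particle if k.tag in PARTICLES]
    if not kids:
        return 0
    if particle.tag == XS + "sequence":
        return lo * sum(kids)   # every child of a sequence must be satisfied
    if particle.tag == XS + "choice":
        return lo * min(kids)   # a validator may pick the cheapest branch
    raise ValueError("unsupported particle: " + particle.tag)

def fragment(body):
    """Wrap a content model in a complexType and return its top particle."""
    xml = ('<xs:complexType xmlns:xs="http://www.w3.org/2001/XMLSchema" '
           'name="T">' + body + '</xs:complexType>')
    return ET.fromstring(xml)[0]

# Constructed content models (illustrative only).
ID_CHOICE = ('<xs:choice{attrs}>'
             '<xs:element ref="saml:BaseID"/>'
             '<xs:element ref="saml:NameID"/>'
             '<xs:element ref="saml:EncryptedID"/>'
             '</xs:choice>')
BARE = ID_CHOICE.format(attrs="")                    # no minOccurs
OPTIONAL = ID_CHOICE.format(attrs=' minOccurs="0"')  # explicitly optional
# The required choice nested in an outer choice with an identifier-free branch.
NESTED = ('<xs:choice><xs:sequence>' + BARE +
          '<xs:element ref="ex:Other" minOccurs="0"/></xs:sequence>'
          '<xs:element ref="ex:Other"/></xs:choice>')

if __name__ == "__main__":
    for label, model in (("bare", BARE), ("optional", OPTIONAL), ("nested", NESTED)):
        print(label, "-> minimum identifiers:", min_ids(fragment(model)))
```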


