Subject: Re: [security-services] On allowing multiple value types for an attribute
On 11/26/14, 4:58 PM, "Mohammad Jafari" <mjafari@edmondsci.com> wrote:

>This is in Section 2.7.3. line 1168:
>"Assertions containing <AttributeStatement> elements MUST contain a
><Subject> element."

Thanks. I frankly didn't recall that. If it's not consistently applied to the other statement types, I would speculate it's an errata, but I think it probably was intentional. Regardless, that doesn't mean an ID is required.

>I just noticed that the text (Section 2.4.1. line 651) says <NameID>,
><BaseID> or <EncryptedID> are optional.
>However, the following schema fragment (line 668 onward) uses "choice"
>with no "minOccurs" which according to XML Schema specs is interpreted as
>the default of 1. So contrary to the text above, the schema fragment says
>that there should be at least one occurrence of <NameID>, <BaseID> or
><EncryptedID>. SAML assertion schema says the same as the schema
>fragment.
>
>This actually seems to be an inconsistency in the specs that I had not
>noticed before.

No, you're just misreading it (luckily). The Subject element is a choice between a required ID and optional SC OR just a required SC. That was the only way to create a co-constraint of sorts to require SC only if an ID is absent.

-- Scott
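The `<Subject>` content model described in the reply above, written out as a small checker. This is an added example, not part of the original message or of the SAML specification; `check_subject`, the branch labels and the sample subjects are constructed for illustration, and "SC" is read as `<SubjectConfirmation>`.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ID_ELEMENTS = {"BaseID", "NameID", "EncryptedID"}

def check_subject(xml_text):
    """Classify a <saml:Subject> against the content model
    (ID, SubjectConfirmation*) | SubjectConfirmation+.
    Returns (True, branch) or (False, reason)."""
    # ElementTree is used only on the constructed samples below; untrusted
    # SAML should go through a hardened, schema-validating parser.
    subject = ET.fromstring(xml_text)
    if subject.tag != f"{{{SAML_NS}}}Subject":
        return False, "root is not saml:Subject"
    names = []
    for child in subject:
        ns, _, local = child.tag.lstrip("{").partition("}")
        if ns != SAML_NS:
            return False, f"foreign element {child.tag}"
        names.append(local)
    if not names:
        return False, "empty Subject satisfies neither branch"
    # Branch 1 starts with exactly one identifier; branch 2 has none.
    has_id = names[0] in ID_ELEMENTS
    rest = names[1:] if has_id else names
    for name in rest:
        if name in ID_ELEMENTS:
            return False, "identifier must be the first child and appear once"
        if name != "SubjectConfirmation":
            return False, f"unexpected child {name}"
    return True, ("id-branch" if has_id else "confirmation-only-branch")

def _subject(inner):
    return f'<saml:Subject xmlns:saml="{SAML_NS}">{inner}</saml:Subject>'

# Constructed sample subjects (not taken from the thread).
NAME_ID = "<saml:NameID>user@example.org</saml:NameID>"
CONF = '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>'
SAMPLES = {
    "id only": _subject(NAME_ID),
    "id + 2 confirmations": _subject(NAME_ID + CONF + CONF),
    "confirmation only": _subject(CONF),
    "empty": _subject(""),
    "confirmation before id": _subject(CONF + NAME_ID),
    "two ids": _subject(NAME_ID + NAME_ID),
}

if __name__ == "__main__":
    for label, xml_text in SAMPLES.items():
        print(f"{label:24} {check_subject(xml_text)}")
```

The "confirmation only" sample is the case the reply turns on: a Subject with no identifier is accepted, but only because at least one `<SubjectConfirmation>` is present.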