security-services message

Subject: RE: [security-services] On allowing multiple value types for an attribute

From: Hal Lockhart <hal.lockhart@oracle.com>
To: "Cantor, Scott" <cantor.2@osu.edu>, Mohammad Jafari <mjafari@edmondsci.com>, security-services@lists.oasis-open.org
Date: Wed, 26 Nov 2014 09:38:31 -0800 (PST)

I think he is referring to section 3.3.4 which says the response to any of the Query requests must contain a subject which matches the subject in the query. I don't see any practical way to do an attribute query without specifying an identifier element. Otherwise whose attributes should be returned?

Hal

> -----Original Message-----
> From: Cantor, Scott [mailto:cantor.2@osu.edu]
> Sent: Wednesday, November 26, 2014 10:25 AM
> To: Mohammad Jafari; security-services@lists.oasis-open.org
> Cc: Hal Lockhart
> Subject: Re: [security-services] On allowing multiple value types for
> an attribute
> 
> On 11/26/14, 3:19 AM, "Mohammad Jafari" <mjafari@edmondsci.com> wrote:
> >I checked the specs and it seems that although saml:Subject is
> >optional, it is mandatory when saml:AttributeStatement is present.
> 
> In what specs? Certainly not in SAML 2.0, unless I'm misremembering.
> Even where Subject might be present, NameID is always optional anyway.
> 
> -- Scott
>

Follow-Ups:
- Re: [security-services] On allowing multiple value types for an attribute
  - From: "Cantor, Scott" <cantor.2@osu.edu>

References:
- RE: [security-services] On allowing multiple value types for an attribute
  - From: Mohammad Jafari <mjafari@edmondsci.com>
- Re: [security-services] On allowing multiple value types for an attribute
  - From: "Cantor, Scott" <cantor.2@osu.edu>
- RE: [security-services] On allowing multiple value types for an attribute
  - From: Mohammad Jafari <mjafari@edmondsci.com>
- Re: [security-services] On allowing multiple value types for an attribute
  - From: "Cantor, Scott" <cantor.2@osu.edu>