[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Groups - draft-saml-requesting-attributes-extension-v1.0.pdf uploaded
<req-attr:RequestedAttributes/>
<md:RequestedAttribute isRequired="true" Name="LastName"/>
<md:RequestedAttribute isRequired="true" Name="FirstName"/>
<md:RequestedAttribute Name="Email"/>
<md:RequestedAttribute Name="Role">
<saml:AttributeValue>End User</saml:AttributeValue>
<saml:AttributeValue>Administrator</saml:AttributeValue>
</md:RequestedAttribute>
</req-attr:RequestedAttributes>
</samlp:Extensions>
Could you please confirm if this would actually be compliant? If yes, I will modify my proposal accordingly.
Regards,
Madalina
> The proposal was previously submitted and presented by my colleague Mert
> Aybat, and the current document version aims to integrate all the comments
> received at that time. The older email threads related to this topic can be
> found here: http://markmail.org/message/bjqll753qnbp4kkr &
> http://markmail.org/message/zzbopgn37nvisoj3 .
>
> Looking forward to your feedback.
This draft seems to be defining a new element that essentally duplicates the existing md:RequestedAttribute element, and that's a bad idea, due to confusion if nothing else. Instead, I would simply define a new wrapper element, perhaps <req-attr:RequestedAttributes> and define it as a sequence of zero or more <md:RequestedAttribute> elements.
That gives us insulation within the Extensions element but reuses the schema we already have.
The other comment is that the Conformance section is a bit off the track, but I can do a draft with appropriate wording once this is in a real OASIS template. It's really just boilerplate and I know what it needs to say. Basically the trick to the wording is saying "An SP is conformant to this profile if it has the ability to..." and so forth.
-- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]