Subject: Re: [xacml] SAML Issuer changes
On Tue, 2004-03-09 at 12:07, Anne Anderson wrote:
> The current SAML 2.0 draft defines the Issuer element in an
> Assertion as being of NameIdentifierType. Previously it was
> "xsi:string".
> [...]
>
> I suggest we add an optional IssuerFormat XML attribute to our
> AttributeType as follows:
>
> <xs:complexType name="AttributeType">
>   <xs:sequence>
>     <xs:element ref="xacml-context:AttributeValue"/>
>   </xs:sequence>
>   <xs:attribute name="AttributeId" type="xs:anyURI" use="required"/>
>   <xs:attribute name="DataType" type="xs:anyURI" use="required"/>
>   <xs:attribute name="Issuer" type="xs:string" use="optional"/>
>   <xs:attribute name="IssuerFormat" type="xs:anyURI" use="optional"/>
>   <xs:attribute name="IssueInstant" type="xs:dateTime" use="optional"/>
> </xs:complexType>

I'm not really sure what use this is to XACML. The only place that the
issuer gets used is when a designator or selector wants to (optionally)
require a particular issuer. This is done via a simple string comparison.
Are you suggesting that the IssuerFormat would somehow be used in this
comparison, or is this useful for something else?

If you want to use the IssuerFormat in this retrieval comparison, then
you probably also have to change designators and selectors to specify
this information, and reject formats that don't match (ie, when the
Attribute uses one format and the designator/selector uses another).
We'll also need to define standard format types and how comparisons work
(or at least reference those in SAML or some other standard). This is a
lot of work, and a fair change to how XACML works today.

Is this what you had in mind, or was there a different use-case to
support your proposed change? Could you provide some specific details
about why this change would be useful?

seth
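
The retrieval comparison discussed in the message above, as an added example that is not part of the original post or of any XACML implementation: a designator-style lookup that matches Issuer by plain string equality, with an optional format check of the kind the reply says designators would need. The `designate` function, its `issuer_format` parameter, the format URIs and the sample subject are assumptions made for illustration; XML namespaces are omitted from the constructed sample.

```python
import xml.etree.ElementTree as ET

STRING = "http://www.w3.org/2001/XMLSchema#string"

# Constructed sample: two attributes carry the same Issuer string under
# different (placeholder) IssuerFormat URIs; a third has no Issuer at all.
SAMPLE = f"""
<Subject>
  <Attribute AttributeId="role" DataType="{STRING}"
             Issuer="admin@example.org" IssuerFormat="urn:example:format:email">
    <AttributeValue>auditor</AttributeValue>
  </Attribute>
  <Attribute AttributeId="role" DataType="{STRING}"
             Issuer="admin@example.org" IssuerFormat="urn:example:format:opaque">
    <AttributeValue>operator</AttributeValue>
  </Attribute>
  <Attribute AttributeId="role" DataType="{STRING}">
    <AttributeValue>guest</AttributeValue>
  </Attribute>
</Subject>
"""

def designate(subject, attribute_id, data_type, issuer=None, issuer_format=None):
    """Return the attribute values a designator would select.

    issuer: optional; compared to the Attribute's Issuer by string equality.
    issuer_format: hypothetical extension; when given, an Attribute whose
    IssuerFormat differs or is absent is rejected.
    """
    values = []
    for attr in subject.findall("Attribute"):
        if attr.get("AttributeId") != attribute_id:
            continue
        if attr.get("DataType") != data_type:
            continue
        if issuer is not None and attr.get("Issuer") != issuer:
            continue  # no Issuer, or a different string: not selected
        if issuer_format is not None and attr.get("IssuerFormat") != issuer_format:
            continue  # format mismatch is rejected, never coerced
        values.extend(v.text for v in attr.findall("AttributeValue"))
    return values

SUBJECT = ET.fromstring(SAMPLE)
```

With string comparison alone, both `admin@example.org` attributes are selected regardless of what kind of name the string is; only the format-aware call separates them.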