xri message
Subject: SAML trusted resolution and self-describing XRDS documents
- From: Markus Sabadello <markus.sabadello@xdi.org>
- To: XRI TC <xri@lists.oasis-open.org>
- Date: Mon, 6 Jul 2009 21:08:58 +0200
Hi XRI TC,
A question came up on the OpenXRI list regarding SAML trusted resolution. This question concerns XRI Resolution 2.0 (http://www.oasis-open.org/committees/download.php/27432/xri-resolution-V2.0-cd-02-rv-04.pdf).
In SAML trusted resolution, a SAML assertion is included in an XRD by an authority resolution server, and the following rules apply (from section 10.2.2.2):
- The xrd:XRD/saml:Assertion/saml:Subject/saml:NameID element MUST be present and equal to the xrd:XRD/xrd:Query element.
- The NameQualifier attribute of the xrd:XRD/saml:Assertion/saml:Subject/saml:NameID element MUST be present and MUST be equal to the xrd:XRD/xrd:ProviderID element.
The question is, what would the SAML assertion look like in case of a self-describing XRDS document (section 9.1.6). In this case, an authority is publishing an XRD about itself, and there is no query / no subsegment to be resolved. My answer would be either
- Following the above rule, since there is no query, there's no NameID either. Not sure if that works in SAML.
- The NameID must be equal to the XRI (i-number?) of the authority.
If you have thoughts on this, please share them. Or maybe it's somewhere in the spec and I just didn't find it.
Markus
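
The two rules quoted from section 10.2.2.2, written as a check and run against a self-describing XRD. This is an added example, not part of the original message or of the specification. It assumes plain string equality after trimming whitespace, and the provider and query values are constructed.

```python
import xml.etree.ElementTree as ET

# Namespaces: XRD per XRI Resolution 2.0, Assertion per SAML 2.0.
NS = {
    "xrd": "xri://$xrd*($v*2.0)",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
PROVIDER = "xri://@!EXAMPLE"  # constructed sample authority identifier


def _text(el):
    return (el.text or "").strip()


def check_saml_binding(xrd_xml):
    """Return the violations of the two quoted rules (empty list = pass)."""
    xrd = ET.fromstring(xrd_xml)
    query = xrd.find("xrd:Query", NS)
    provider = xrd.find("xrd:ProviderID", NS)
    name_id = xrd.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None:
        return ["NameID missing"]
    problems = []
    # Rule 1: NameID MUST be present and equal to xrd:Query.
    if query is None:
        problems.append("no Query element to compare NameID against")
    elif _text(name_id) != _text(query):
        problems.append("NameID differs from Query")
    # Rule 2: NameQualifier MUST be present and equal to xrd:ProviderID.
    qualifier = name_id.get("NameQualifier")
    if qualifier is None:
        problems.append("NameQualifier missing")
    elif provider is None or qualifier != _text(provider):
        problems.append("NameQualifier differs from ProviderID")
    return problems


def make_xrd(query, name_id, qualifier):
    """Build a constructed sample XRD; query=None models the self-describing case."""
    q = f"<Query>{query}</Query>" if query is not None else ""
    return (
        f'<XRD xmlns="{NS["xrd"]}" xmlns:saml="{NS["saml"]}">'
        f"{q}<ProviderID>{PROVIDER}</ProviderID>"
        f"<saml:Assertion><saml:Subject>"
        f'<saml:NameID NameQualifier="{qualifier}">{name_id}</saml:NameID>'
        f"</saml:Subject></saml:Assertion></XRD>"
    )
```

A verifier that applies the first rule literally reports the missing Query for a self-describing XRD even when the NameID carries the authority's own XRI, which is the gap the message asks about.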