OASIS Mailing List Archives

dss message


Subject: RE: [dss] Core - Requestor Identity & SAML NameIdentifier


Trevor,

I still believe that it is worth using the SAML type.

Primarily, my aim is to be able to take an identifier from SAML and
use it in DSS without any need to do mapping.  This makes implementation of
DSS + SAML easier, and also avoids the potential for ambiguity over names because
of the different structures. If the requester is identified using a SAML
token with a "NameQualifier" what happens with the DSS signature?


In response to your particular points:
> I like dss:NameType a bit better than the SAML type:
>   - In the DSS type the "Format" attribute is required
In SAML, if not present, it implies a general unspecified format.  I can foresee
the need to support other "unspecified" formats.

>   - The DSS type omits the SAML type's superfluous
> "NameQualifier" attribute.
I do not see why the requirement for supporting "federated names" and
avoiding collision is not applicable to DSS as it is to SAML.

>   - SAML hasn't defined an identifier for URIs, whereas we have.
If this is a realistic requirement then I do not see why this should not
also be present in SAML.

Nick



> -----Original Message-----
> From: Trevor Perrin [mailto:trevp@trevp.net]
> Sent: 19 March 2004 21:43
> To: Nick Pope; Trevor Perrin; OASIS DSS TC
> Subject: Re: [dss] Core - Requestor Identity & SAML NameIdentifier
>
>
> At 05:45 PM 3/18/2004 +0000, Nick Pope wrote:
>
> >Can I suggest that the NameType used in requestorIdentity etc and defined in
> >2.3 is aligned with the SAML name identifier so that the same name format
> >identifiers can be used in SAML and DSS.
>
> I like dss:NameType a bit better than the SAML type:
>   - In the DSS type the "Format" attribute is required
>   - The DSS type omits the SAML type's superfluous
> "NameQualifier" attribute.
>   - SAML hasn't defined an identifier for URIs, whereas we have.
>
> However I don't feel strongly about this.  If no-one else has an opinion,
> I'll change it this weekend.
>
> Trevor
>
>
>
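
An added illustration of the "NameQualifier" and missing-"Format" points discussed in the message above (not code from the thread, the DSS draft or the SAML specification): it parses SAML 1.1 NameIdentifier elements and compares identifying requestors with and without the qualifier. The qualifier values, names and helper functions are constructed for the example.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
# SAML 1.1 treats an absent Format attribute as "unspecified".
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed samples: the same local name issued under two different
# (hypothetical) federation qualifiers, plus one unrelated e-mail name.
SAMPLES = [
    f'<NameIdentifier xmlns="{SAML_NS}" '
    f'NameQualifier="idp-a.example">alice</NameIdentifier>',
    f'<NameIdentifier xmlns="{SAML_NS}" '
    f'NameQualifier="idp-b.example">alice</NameIdentifier>',
    f'<NameIdentifier xmlns="{SAML_NS}" NameQualifier="idp-a.example" '
    f'Format="{EMAIL}">bob@idp-a.example</NameIdentifier>',
]

def parse_name_identifier(xml_text):
    """Return qualifier, effective format and value of a NameIdentifier."""
    el = ET.fromstring(xml_text)
    if el.tag != f"{{{SAML_NS}}}NameIdentifier":
        raise ValueError(f"unexpected element {el.tag!r}")
    return {
        "qualifier": el.get("NameQualifier"),
        "format": el.get("Format", UNSPECIFIED),
        "value": (el.text or "").strip(),
    }

def key_full(name):
    """Identity key that carries the SAML structure over unchanged."""
    return (name["qualifier"], name["format"], name["value"])

def key_without_qualifier(name):
    """Identity key after mapping to a type with no NameQualifier."""
    return (name["format"], name["value"])

def collisions(names, key_fn):
    """Group names by key and return only keys shared by several names."""
    groups = {}
    for name in names:
        groups.setdefault(key_fn(name), []).append(name)
    return {k: v for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    parsed = [parse_name_identifier(x) for x in SAMPLES]
    print("with qualifier:   ", collisions(parsed, key_full))
    print("without qualifier:", collisions(parsed, key_without_qualifier))
```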



