[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [imi] RE: Proposed claim encoding profile for SAML 1.1 tokens
Anthony Nadalin wrote on 2009-08-28: > I think there are a few problems, as it does not explicitly state that the > "\" at the end is required. Without having looked, I assumed it wasn't, so definitely needs clarifying. > Also the language is too laxed for > interoperability, this seems to be caused by the desire to have some level > of co-existence with the SAML 2.0 profile, which may not be the best thing > to do My general inclination is to agree that as it's expressed, it seems to really be mandating what I consider to be suboptimal behavior, rather than what would be desired behavior. It would be one thing to say you MUST do X while you SHOULD support Y, where Y is the thing to stop doing. Otherwise it seems like you probably just want to carve out a URN exception and leave URLs as is. Obviously that's not what I would do, but if you're insisting on compatibility with code written against a non-existent profile, there's not much else to be done. With regard to the references, the document you really want on that is here: http://middleware.internet2.edu/dir/docs/internet2-mace-dir-saml-attributes- 200804.pdf That would be a better reference than the NIH wiki topic I think you included. Something else unrelated that comes to mind is perhaps adding something about use of xsi:type to align it to the SAML 2.0 language about not using that other than with built-in XSD types. I doubt it will come up much, but it wouldn't hurt to take care of that up front while you're writing something up. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]