Yes, that was a cut and paste error.
Jeff B.
From: Gary.P.Cole@Sun.COM [mailto:Gary.P.Cole@Sun.COM]
Sent: Monday, October 16, 2006
11:46 PM
To: Bohren, Jeff
Cc:
Subject: Re: [provision] SAML 2
Profile Schema Proposal...
Looks like "/spmldsml:ObjectDef" was
intended to be "/spmlfed:ObjectDef". Is that right?
Bohren, Jeff wrote:
One of my action items has been to propose a
provisioning schema mechanism for the SAML 2.0 Profile for SPML 2.0. I
propose that for simple attributes we use something similar to the schema
mechanism provided by the DSML Profile, but simplified a little.
I am proposing two profile specific elements (we can
define a namespace such as urn:oasis:names:tc:SPML:2:0:Fed):
objectDef - defines a PSO object class
attributeDef
– defines a set of attribute definitions
Thus a list target response could look like:
<spml:listTargetsResponse
xmlns:spml="urn:oasis:names:tc:SPML:2:0"
xmlns:spmlfed="urn:oasis:names:tc:SPML:2:0:Fed"
xmlns:saml=" urn:oasis:names:tc:SAML:2.0:assertion">
<spml:target targetID="urn:acme:sp1">
<spml:schema>
<spmlfed:schema>
<spmlfed:objectDef name="urn:acme:partner">
<spmlfed:attributeDef name="uid"
required="true"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" />
<spmlfed:attributeDef name="email"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" />
</spmldsml:objectDef>
<spmlfed:schema>
</spml:schema>
</spml:target>
</spml:listTargetsResponse>
This example is for basic SAML attributes, which is
what is most commonly used. For completeness we should also cover other SAML
attribute formats as well.
|
Jeff Bohren |
|
|
|
|
|
tel:
727.561.9500 x35719 |
|
|
|
|
