OASIS Mailing List Archives

saml-dev message

Subject: [saml-dev] Missing 'name' in NameIdentifier (saml core 31 & core-00)?

The description of the NameIdentifier lists a "name" field, but the XML
and the following description do not include it. Can someone point me to
the proper field for the fully qualified name of a Subject? The two
attributes actually described -- Format and NameQualifier -- are
optional meta-data...

Thanks in advance.


PS - would I be correct to assume that the complete URI for an email
address would be "urn:oasis:names:tc:SAML:1.0#emailAddress"?

================= (from core-31) Element <NameIdentifier>
The <NameIdentifier> element specifies a subject by a combination of a
name qualifier, a name and a format. It has the following attributes:

NameQualifier [Optional]
    The security or administrative domain that qualifies the name of the
    subject. The NameQualifier attribute provides a means to federate
    names from disparate user stores without collision.

Format [Optional]
    The syntax used to describe the name of the subject. The format value
    MUST be a URI reference. The following URI references are defined by
    this specification, where only the fragment identifier portion is
    shown, assuming a base URI of the SAML assertion namespace:

    - Indicates that the content of the NameIdentifier element is in the
      form of an email address, specifically "addr-spec" as defined in
      section 3.4.1 of RFC 2822 [RFC 2822]. An addr-spec has the form
      local-part@domain. Note that an addr-spec has no phrase (such as a
      common name) before it, has no comment (text surrounded in
      parentheses) after it, and is not surrounded by "<" and ">".

    - Indicates that the content of the NameIdentifier element is in the
      form specified for the contents of the <ds:X509SubjectName> element
      in [DSIG]. Implementors should note that [DSIG] specifies encoding
      rules for X.509 subject names that differ from the rules given in
      RFC 2253 [RFC2253].

    - Indicates that the content of the NameIdentifier element is a
      Windows domain qualified name. A Windows domain qualified user name
      is a string of the form "DomainName\UserName". The domain name and
      "\" separator may be omitted.

The following schema fragment defines the <NameIdentifier> element and
its NameIdentifierType complex type:

    <element name="NameIdentifier" type="saml:NameIdentifierType"/>
    <complexType name="NameIdentifierType">
      <simpleContent>
        <extension base="string">
          <attribute name="NameQualifier" type="string" use="optional"/>
          <attribute name="Format" type="anyURI" use="optional"/>
        </extension>
      </simpleContent>
    </complexType>

The interpretation of the NameQualifier, and of NameIdentifier's content
in the case of a Format not specified in this document, are left to
individual implementations. Regardless of format, issues of anonymity,
pseudonymity, and the persistence of the identifier with respect to the
asserting and relying parties are also implementation-specific.

 Kenneth J. Gartner        Development Engineering Manager
 Quadrasis -- We Unify Security
 Hitachi Computer Products (America), Inc.
 1601 Trapelo Road                  Phone:  (781) 768-5830
 Waltham, MA 02451                    Fax:  (781) 890-4998
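As an added example (not code from the post or from the SAML specification), the Python check below does what a relying party needs before mapping a <NameIdentifier> to a local account: it verifies that the element's content really has the shape its Format declares (a bare addr-spec, or DomainName\UserName with the domain optional) and returns the (NameQualifier, Format, name) triple as the collision-free mapping key. The Format URIs are an assumption of this example, built from the SAML 1.0 assertion namespace plus the fragment identifiers the quoted spec text lost; the sample XML fragments are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Assumed: SAML 1.0 assertion namespace as base URI, fragments as this example guesses them.
SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
FMT_EMAIL = SAML_NS + "#emailAddress"
FMT_WINDOWS = SAML_NS + "#WindowsDomainQualifiedName"

# Bare RFC 2822 addr-spec (local-part@domain): a phrase, a comment or "<" ">" around it
# cannot match, so "Alice <alice@example.com>" is rejected rather than mapped.
ADDR_SPEC = re.compile(r"^[A-Za-z0-9!#$%&'*+/=?^_`{|}~.-]+@[A-Za-z0-9.-]+$")
# "DomainName\UserName"; the domain name and "\" separator may be omitted.
WIN_NAME = re.compile(r"^(?:(?P<domain>[^\\\s]+)\\)?(?P<user>[^\\\s]+)$")


def parse_name_identifier(xml_text):
    """Return (NameQualifier, Format, canonical name) for a saml:NameIdentifier,
    raising ValueError when the content does not match the declared Format."""
    el = ET.fromstring(xml_text)
    if el.tag != "{%s}NameIdentifier" % SAML_NS:
        raise ValueError("not a saml:NameIdentifier element: %s" % el.tag)
    fmt = el.get("Format")
    name = (el.text or "").strip()
    if not name:
        raise ValueError("empty NameIdentifier content")
    if fmt == FMT_EMAIL:
        if not ADDR_SPEC.match(name):
            raise ValueError("emailAddress Format requires a bare addr-spec: %r" % name)
        local, _, domain = name.partition("@")
        name = local + "@" + domain.lower()  # only the domain part is case-insensitive
    elif fmt == FMT_WINDOWS:
        m = WIN_NAME.match(name)
        if not m:
            raise ValueError("not a Windows domain qualified name: %r" % name)
        # Windows domain names are case-insensitive; fold the domain to upper case.
        name = (m["domain"].upper() + "\\" + m["user"]) if m["domain"] else m["user"]
    elif fmt is not None:
        # Other Formats are implementation-specific per the spec; refuse rather than guess.
        raise ValueError("unsupported Format: %r" % fmt)
    # No Format: meaning is left to the implementation, content is returned untouched.
    return el.get("NameQualifier"), fmt, name


# Constructed sample fragments, not taken from any real assertion.
SAMPLES = {
    "good_email": '<NameIdentifier xmlns="%s" NameQualifier="example.com" Format="%s">'
                  'alice@Example.COM</NameIdentifier>' % (SAML_NS, FMT_EMAIL),
    "phrase_email": '<NameIdentifier xmlns="%s" Format="%s">'
                    'Alice &lt;alice@example.com&gt;</NameIdentifier>' % (SAML_NS, FMT_EMAIL),
    "windows": '<NameIdentifier xmlns="%s" Format="%s">corp\\bob</NameIdentifier>' % (SAML_NS, FMT_WINDOWS),
}
```

Running `parse_name_identifier` over `SAMPLES` accepts the first and third fragments and rejects the second, because a display-name phrase is not an addr-spec.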
