Subject: RE: [saml-dev] Missing 'name' in NameIdentifier (saml core 31 &core-00)?
Ken

I'm sorry that I didn't get back to you sooner. The NameIdentifier does include the name e.g.

    <NameIdentifier SecurityDomain="example.com">joeuser</NameIdentifier>

The NameIdentifier is the element type with joeuser as the value, i.e. the name. The SecurityDomain and the format are attributes of the NameIdentity not the value.

Don

-----Original Message-----
From: Gartner, Ken
Sent: Tuesday, April 23, 2002 7:02 AM
To: saml-dev@lists.oasis-open.org
Subject: [saml-dev] Missing 'name' in NameIdentifier (saml core 31 & core-00)?

The description of the NameIdentifier lists a "name" field, but the XML and the following description do not include it. Can someone point me to the proper field for the fully qualified name of a Subject? The two attributes actually described -- Format and NameQualifier -- are optional meta-data...

Thanks in advance.

Ken

PS - would I be correct to assume that the complete URI for an email Address would be "urn:oasis:names:tc:SAML:1.0#emailAddress"?

=================
(from core-31)

2.4.2.2. Element <NameIdentifier>

The <NameIdentifier> element specifies a subject by a combination of a name qualifier, a name and a format. It has the following attributes:

NameQualifier [Optional]
    The security or administrative domain that qualifies the name of the subject. The NameQualifier attribute provides a means to federate names from disparate user stores without collision.

Format [Optional]
    The syntax used to describe the name of the subject

The format value MUST be a URI reference. The following URI references are defined by this specification, where only the fragment identifier portion is shown, assuming a base URI of the SAML assertion namespace name.

#emailAddress
    Indicates that the content of the NameIdentifier element is in the form of an email address, specifically "addr-spec" as defined in section 3.4.1 of RFC 2822 [RFC 2822]. An addr-spec has the form local-part@domain. Note that an addr-spec has no phrase (such as a common name) before it, has no comment (text surrounded in parentheses) after it, and is not surrounded by "<" and ">".

#X509SubjectName
    Indicates that the content of the NameIdentifier element is in the form specified for the contents of <ds:X509SubjectName> element in [DSIG]. Implementors should note that [DSIG] specifies encoding rules for X.509 subject names that differ from the rules given in RFC2253 [RFC2253].

#WindowsDomainQualifiedName
    Indicates that the content of the NameIdentifier element is a Windows domain qualified name. A Windows domain qualified user name is a string of the form "DomainName\UserName". The domain name and "\" separator may be omitted.

The following schema fragment defines the <NameIdentifier> element and its NameIdentifierType complex type:

    <element name="NameIdentifier" type="saml:NameIdentifierType"/>
    <complexType name="NameIdentifierType">
      <simpleContent>
        <extension base="string">
          <attribute name="NameQualifier" type="string" use="optional"/>
          <attribute name="Format" type="anyURI" use="optional"/>
        </extension>
      </simpleContent>
    </complexType>

The interpretation of the NameQualifier, and NameIdentifier's content in the case of a Format not specified in this document, are left to individual implementations. Regardless of format, issues of anonymity, pseudonymity, and the persistence of the identifier with respect to the asserting and relying parties, are also implementation-specific.

___________________________________________________________
Kenneth J. Gartner
Development Engineering Manager
Quadrasis -- We Unify Security
Hitachi Computer Products (America), Inc.
1601 Trapelo Road        Phone: (781) 768-5830
Waltham, MA 02451        Fax: (781) 890-4998
ken.gartner@quadrasis.com
___________________________________________________________

----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl>
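
Added example, not part of the original messages or of the SAML specification: a Python reader for the <NameIdentifier> element as the thread describes it, taking the name from the element content and NameQualifier/Format from the optional attributes, then checking the content against the three Format fragments quoted from core-31. The function name and sample documents are constructed; formats are matched on the fragment identifier only because the thread does not confirm the base URI, and the addr-spec pattern is a simplification of RFC 2822.

```python
import re
import xml.etree.ElementTree as ET  # assumption: trusted fixtures; use a hardened parser (e.g. defusedxml) for untrusted input

# Simplified addr-spec (assumption: dot-atom local part only, no quoted strings).
ADDR_SPEC = re.compile(
    r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+(\.[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+)*"
    r"@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*")
# "DomainName\UserName"; the domain name and "\" separator may be omitted.
WINDOWS_NAME = re.compile(r"(?:[^\\]+\\)?[^\\]+")
DEFINED = ("emailAddress", "X509SubjectName", "WindowsDomainQualifiedName")

def parse_name_identifier(xml_text):
    """Return (name, qualifier, format_fragment, problems) for one NameIdentifier."""
    elem = ET.fromstring(xml_text)
    if elem.tag.rsplit("}", 1)[-1] != "NameIdentifier":
        raise ValueError("not a NameIdentifier element")
    name = elem.text or ""                  # the name is the element content, kept verbatim
    qualifier = elem.get("NameQualifier")   # optional attribute
    fmt = elem.get("Format")                # optional attribute, a URI reference
    fragment = fmt.rsplit("#", 1)[-1] if fmt and "#" in fmt else None
    problems = []
    if not name.strip():
        problems.append("empty name: the element content is the subject's name")
    if len(elem):
        problems.append("child elements present: content must be a plain string")
    if fragment == "emailAddress" and not ADDR_SPEC.fullmatch(name):
        problems.append("content is not a bare addr-spec (local-part@domain)")
    elif fragment == "WindowsDomainQualifiedName" and not WINDOWS_NAME.fullmatch(name):
        problems.append("content is not DomainName\\UserName or UserName")
    elif fmt and fragment not in DEFINED:
        problems.append("Format not defined by the spec: interpretation is implementation-specific")
    return name, qualifier, fragment, problems

# Constructed samples. The Format URI in the first one is the value asked about in the
# thread (unconfirmed there); the others use the bare fragment as a relative URI reference.
SAMPLES = [
    '<NameIdentifier NameQualifier="example.com" Format="urn:oasis:names:tc:SAML:1.0#emailAddress">joe@example.com</NameIdentifier>',
    '<NameIdentifier Format="#emailAddress">Joe User &lt;joe@example.com&gt;</NameIdentifier>',
    r'<NameIdentifier Format="#WindowsDomainQualifiedName">CORP\joeuser</NameIdentifier>',
    '<NameIdentifier NameQualifier="example.com">joeuser</NameIdentifier>',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_name_identifier(sample))
```

The second sample is the case the quoted text rules out for #emailAddress: a phrase before the address and surrounding "<" and ">", which a relying party should not silently accept as the subject's name.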