saml-dev message

Subject: [saml-dev] X509SubjectName and relationship to RFC2253?

The core-00 version of SAML 1.0 describes the format attribute, #X509SubjectName, as follows:

       Indicates that the content of the NameIdentifier element is in the form specified for
       the contents of <ds:X509SubjectName> element in [DSIG]. Implementors should
       note that [DSIG] specifies encoding rules for X.509 subject names that **differ**
       from the rules given in RFC2253 [RFC2253].

There is no [DSIG] reference in this SAML document's bibliography. The closest I have found is [XMLSig]. Is that the proper one? When I follow that link I end up at RFC3275 which seems to contradict the SAML:

        ... The X509SubjectName element, which contains an X.509 subject distinguished name
        that SHOULD be compliant with RFC 2253 [LDAP-DN] ...

Can someone explain what implied differences would exist in encoding between SAML/DSIG and RFC2253 for this field? Most importantly --- can I use this field for LDAP DNs, or should I add an additional format tag (such as #RFC2253DistinguishedName)?

Thank you for any clarification.


 Kenneth J. Gartner        Development Engineering Manager
 Quadrasis -- We Unify Security
 Hitachi Computer Products (America), Inc.
 1601 Trapelo Road                  Phone:  (781) 768-5830
 Waltham, MA 02451                    Fax:  (781) 890-4998
