
Subject: RE: [saml-dev] X509SubjectName and relationship to RFC2253?

>>The core-00 version of SAML 1.0 describes the format attribute, #X509SubjectName, as follows:
>>       Indicates that the content of the NameIdentifier element is in the form specified for
>>       the contents of <ds:X509SubjectName> element in [DSIG]. Implementors should
>>       note that [DSIG] specifies encoding rules for X.509 subject names that **differ**
>>       from the rules given in RFC2253 [RFC2253].
>>There is no [DSIG] reference in this SAML document's bibliography. The closest I have found is [XMLSig].
>>Is that the proper one? When I follow that link I end up at RFC3275

Ken, [XMLSig] is the correct reference. We should enter this as an editorial
error against cs-core-00. The intended use of X509SubjectName includes LDAP
name. Please take a look at Section 4.4.4 for the encoding rules used in

- prateek

>>which seems to contradict the SAML
>>        ... The X509SubjectName element, which contains an X.509 subject distinguished name
>>        that SHOULD be compliant with RFC 2253 [LDAP-DN] ...
>>Can someone explain what implied differences would exist in encoding between SAML/DSIG and RFC2253
>>for this field?  Most importantly --- can I use this field for LDAP DNs, or should I add an additional
>>format tag (such as #RFC2253DistinguishedName)?
>>Thank you for any clarification.
>> Kenneth J. Gartner        Development Engineering Manager
>> Quadrasis -- We Unify Security
>> Hitachi Computer Products (America), Inc.
>> 1601 Trapelo Road                  Phone:  (781) 768-5830
>> Waltham, MA 02451                    Fax:  (781) 890-4998
>> ken.gartner@quadrasis.com         
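
The encoding difference asked about in this thread, as an added example that is not part of the original messages or of any SAML or XML-Signature implementation: it escapes one DN attribute value under RFC 2253 and under the additional XML-Signature rules (control characters and trailing spaces written as hex escapes), then shows that the two strings differ byte for byte yet decode to the same value. The function names and the sample value are hypothetical, the rules are those of RFC 2253 section 2.4 and XML-Signature section 4.4.4 as understood here, and two choices are assumptions: the DSIG encoder keeps RFC 2253's leading-space escape and writes hex digits in upper case.

```python
import string

SPECIALS = ',+"\\<>;'  # characters both rule sets escape with a backslash

def escape_rfc2253(value: str) -> str:
    """RFC 2253 string form: a trailing space becomes backslash-space."""
    out = []
    for i, ch in enumerate(value):
        edge_space = ch == " " and i in (0, len(value) - 1)
        if ch in SPECIALS or edge_space or (i == 0 and ch == "#"):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def escape_dsig(value: str) -> str:
    """XML-Signature form: control chars and trailing spaces use hex escapes."""
    body = value.rstrip(" ")
    out = []
    for i, ch in enumerate(body):
        if ch in SPECIALS or (i == 0 and ch in " #"):  # leading space: assumption
            out.append("\\" + ch)
        elif ord(ch) < 0x20:
            out.append("\\%02X" % ord(ch))  # upper-case hex: assumption
        else:
            out.append(ch)
    return "".join(out) + "\\20" * (len(value) - len(body))

def unescape(escaped: str) -> str:
    """Decode either form back to the raw value so the two can be compared."""
    buf, i = bytearray(), 0
    while i < len(escaped):
        if escaped[i] != "\\":
            buf += escaped[i].encode("utf-8")
            i += 1
            continue
        pair = escaped[i + 1:i + 3]
        if len(pair) == 2 and all(c in string.hexdigits for c in pair):
            buf.append(int(pair, 16))  # hex pair, e.g. \09 or \20
            i += 3
        elif pair:
            buf += pair[0].encode("utf-8")  # escaped special, e.g. \, or "\ "
            i += 2
        else:
            raise ValueError("dangling backslash")
    return buf.decode("utf-8")

SAMPLE = "Acme, Inc.\t "  # constructed value: comma, TAB, trailing space
```

A consumer that matches a NameIdentifier against an LDAP DN should compare decoded values (or one canonical re-encoding), not the raw escaped strings.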
