OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: "3 kinds of assertions" or "3 kinds of statements"


i am new to SAML. apologies if i am being overly-pedantic, but 
please can anybody clear something up for me? in a lot of 
non-OASIS literature that i have come across, many authors often 
explain SAML by saying things like, "...there are [3 kinds of SAML 
assertions]: authentication assertions, authorization assertions & 
attribute assertions...". but isn't it more accurate to say that 
there is only one kind of assertion, but three kinds of 
statements: authentication statements, authorization statements, 
attribute statements...and an assertion can contain one or more of 
these statements..."?

of course, now that i have some hands-on exposure to and 
experience with using SAML on an actual project, i understand what 
is meant by "...3 kinds of SAML assertions...". but, i was curious 
about what is the consensus on this type of hair-splitting. thanks 
in advance for your comments.

just for reference, here is a snip from

Technical Overview of the OASIS Security Assertion Markup 
(SAML) V1.1

Draft 05, 4 May 2004

"3.1 SAML Concepts

SAML has the following key concepts:

 Assertions: An assertion is a package of information that
supplies one or more statements made by a SAML authority. SAML
defines three kinds of statements that can be carried within an
assertion...Authentication statements...Attribute
statements...Authorization decision statements..."

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]