OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [saml-dev] "3 kinds of assertions" or "3 kinds of statements"


On 11/30/05, w i l l <oasis.saml@javafreelancer.net> wrote:
>
> in a lot of
> non-OASIS literature that i have come across, many authors often
> explain SAML by saying things like, "...there are [3 kinds of SAML
> assertions]: authentication assertions, authorization assertions &
> attribute assertions...". but isn't it more accurate to say that
> there is only one kind of assertion, but three kinds of
> statements: authentication statements, authorization statements,
> attribute statements...and an assertion can contain one or more of
> these statements..."?

Yes, I agree.  When someone says "authentication assertion", they
usually mean an assertion containing an authentication statement, but
that leads to problems if the assertion contains, say, both an
authentication statement and an attribute statement.  Perhaps the
reason we get away with the sloppy terminology is that an assertion
rarely contains different types of statements in practice (although I
could be wrong about that).

To complicate matters, the SAML 1.1 Profiles document defines the term
"SSO assertion".  I'll let you look up its definition. ;-)

Tom


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]