OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] multiple attributes

Also, since [SAMLCore] lines 1863-1864 specifies that
A single query MUST NOT contain two <saml:Attribute> elements with the same Name and
NameFormat values (that is, a given attribute MUST be named only once in a query).

I think it reasonable for implementers to want to process outgoing AttributeQuery and incoming AttributeStatement in a symmetrical fashion.



-----Original Message-----
From: robert.philpott@rsa.com [mailto:robert.philpott@rsa.com]
Sent: Tuesday, June 03, 2008 8:02 AM
To: nitindangwal@gmail.com; cantor.2@osu.edu
Cc: trscavo@gmail.com; saml-dev@lists.oasis-open.org
Subject: RE: [saml-dev] multiple attributes

I would also recommend the multiple value approach.


There may be implementations that process each attribute very independently and the second occurrence may simply overwrite the first.  Using a single multi-valued attribute makes it quite clear that the attribute has two values associated with it at the same time.


Rob Philpott

RSA, the Security Division of EMC
Senior Technologist | e-Mail: robert.philpott@rsa.com | Office: (781) 515-7115 | Mobile: (617) 510-0893


From: nitin dangwal [mailto:nitindangwal@gmail.com]
Sent: Monday, June 02, 2008 5:33 PM
To: Scott Cantor
Cc: Tom Scavo; SAML Developers
Subject: Re: [saml-dev] multiple attributes




OASIS recommends two <attributeValue> elements for a single attribute is possible.



[Any Number]

Contains a value of the attribute. If an attribute contains more than one discrete value, it isRECOMMENDED that each value appear in its own

<AttributeValue> element. If more than one <AttributeValue> element is supplied for an attribute, and any of the elements have a datatype assigned through xsi:type, then all of the <AttributeValue> elements must have the identical datatype assigned.


Although there are no restrictions as such.



Nitin Dangwal


On 6/2/08, Scott Cantor <cantor.2@osu.edu> wrote:

> I can't find anything in any of the SAML specs that prohibits multiple
> occurrences of the same attribute in a SAML attribute assertion.  For
> example, if an IdP wished to assert two e-mail addresses, it seems the
> IdP could formulate one attribute with two values or two attributes
> (with the same name) each with a single value.  Am I interpreting this
> correctly?

Far as I know.

-- Scott

To unsubscribe, e-mail: saml-dev-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: saml-dev-help@lists.oasis-open.org


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]