OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [saml-dev] SAML 1.1 Multiple Attribute Statement



> > In what scenario I should use multiple AttributeStatement?
> 
> Avoid multiple <AttributeStatement> elements if possible, for the sake
> of interoperability.

This seems overly restrictive to me.   I can easily see cases where attribute statements having different purposes are added to the same assertion and I don't see any reason why that would be wrong.

For example, Liberty has defined the DiscoveryServiceEPR attribute which contains a WS-A EndpointReference for the discovery service.  If the IdP also wanted to include other attributes about the user for a given SP (perhaps a "role" attribute), I see no reason to not include that as a separate attribute statement rather than trying to kludge things together into a single attribute statement.

Conor



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]