OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] Front-channel AttributeQuery Profile

Tom Scavo wrote on 2009-11-11:
>> There's only one NameID in the Subject, so I'm not sure what case you're
>> thinking of. He was suggesting that a request would have no NameID and
>> assertion would have one.
> The definition of "strongly matches" in Core allows that.

I guess I'm not interpreting the text that way.

> I'm not sure what part of the spec you're referring to. Unless I'm
> missing something, there's nothing in Core that requires a NameID, so
> the situation above is not precluded.

3.3.4: If S2 includes an identifier element (<BaseID>, <NameID>, or
<EncryptedID>), then S1 MUST include an identical identifier element.

S1 and S2 are just arbitrary labels, and the matching property is reflexive.
If one of them has an identifier, the other has to, or they don't match.

That's how I always read it, anyway.
-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]