OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [saml-dev] Front-channel AttributeQuery Profile

2009/11/11 Scott Cantor <cantor.2@osu.edu>:
> Tom Scavo wrote on 2009-11-11:
>>> There's only one NameID in the Subject, so I'm not sure what case you're
>>> thinking of. He was suggesting that a request would have no NameID and
> the
>>> assertion would have one.
>> The definition of "strongly matches" in Core allows that.
> I guess I'm not interpreting the text that way.

Then you're not interpreting it correctly.

> 3.3.4: If S2 includes an identifier element (<BaseID>, <NameID>, or
> <EncryptedID>), then S1 MUST include an identical identifier element.
> S1 and S2 are just arbitrary labels, and the matching property is reflexive.

No, it's not. I'm not sure how you're arriving at that conclusion.

> If one of them has an identifier, the other has to, or they don't match.

That's false, and this has been discussed at length within the SSTC.
In fact, there is a definition of *very strongly matches* that agrees
with your interpretation:


but it is not the definition given in Core.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]