
saml-dev message


Subject: RE: NHIN Exchange <Subject> question


I'm not sure what the issue is that you still have. The spec only allows a single Subject element within the assertion and that subject applies to all attribute statements within that assertion.

The example you gave with an assertion within an assertion does not change the requirements for each assertion to independently meet the requirements of the specification.

So the Assertions that you placed into the <Evidence> element must be able to validate without the surrounding assertion and therefore need their own Subjects, even if the Subject is the same subject as the surrounding assertion. There is no inheritance in recursive assertions.

Please note that it's also very possible for the Subjects in the Assertions within the <Evidence> element to be different subjects (for many possible reasons -- different subject confirmations, different identities, etc.).


-----Original Message-----
From: Eric Heflin [mailto:eheflin@medicity.com] 
Sent: Tuesday, January 11, 2011 1:25 PM
To: Cantor, Scott E.; saml-dev@lists.oasis-open.org
Subject: [saml-dev] RE: NHIN Exchange <Subject> question


This issue is highly important to the NHIN Exchange.  It is currently blocking a state health information exchange from joining the NHIN Exchange, and two vendors (perhaps more) are in a holding pattern depending on the authoritative resolution to this issue.  

What is the proper path for getting a consensus initial opinion and ultimately an authoritative statement on this (and some closely related) topics?

Would it be helpful if I provided revised SAML text intended to replace the existing text?

Eric Heflin
Dir of Standards and Interoperability
THE Standard for Meaningful HIE.       
801.415.2672 (o)
801.674.2313 (m)
eheflin (Skype)

-----Original Message-----
From: Eric Heflin 
Sent: Friday, January 07, 2011 9:44 AM
To: 'Cantor, Scott E.'; saml-dev@lists.oasis-open.org
Subject: RE: NHIN Exchange <Subject> question


Thanks for the fast response.

Here's the ambiguity: Since a SAML assertion can have multiple <Subject>s, the quoted text is ambiguous since it is not clearly specifying which <Subject> is being referenced as being required.

-----Original Message-----
From: Cantor, Scott E. [mailto:cantor.2@osu.edu]
Sent: Friday, January 07, 2011 9:27 AM
To: Eric Heflin; saml-dev@lists.oasis-open.org
Subject: RE: NHIN Exchange <Subject> question

> Interpretation A (Only one <Subject> element is required): One 
> interpretation is that a SAML Assertion with an <AttributeStatement> 
> element does not need a <Subject> element -inside- any child 
> <Assertion> elements containing the <AttributeStatement>, but that 
> such a SAML Assertion does require a <Subject> element at the root 
> <Assertion>/<Subject> level.

That directly contradicts the text you're quoting.

>          <!-- Does not contain a subject, because there is one in the
>             encompassing assertion and this assertion is about the
>             same subject -->

There is no relationship between those assertions, so they certainly don't inherit anything between them.

> Interpretation B

That is the one that actually follows the text of the spec.

-- Scott

To unsubscribe, e-mail: saml-dev-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: saml-dev-help@lists.oasis-open.org
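
The rule discussed in this thread (every assertion, including one nested in <Evidence>, is checked on its own and does not inherit a <Subject> from the assertion around it), as an added example that is not code from any participant or from OASIS. It goes slightly beyond the thread by also covering AuthnStatement and AuthzDecisionStatement, which SAML 2.0 core likewise requires a Subject for; the sample XML, its IDs and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"
STATEMENTS = ("AuthnStatement", "AttributeStatement", "AuthzDecisionStatement")

# Constructed sample, trimmed to the elements that matter for this check.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_outer">
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:AuthzDecisionStatement Resource="urn:example:record" Decision="Permit">
    <saml:Action Namespace="urn:example:actions">read</saml:Action>
    <saml:Evidence>
      <saml:Assertion ID="_evidence_a">
        <saml:AttributeStatement><saml:Attribute Name="role"/></saml:AttributeStatement>
      </saml:Assertion>
      <saml:Assertion ID="_evidence_b">
        <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
        <saml:AttributeStatement><saml:Attribute Name="role"/></saml:AttributeStatement>
      </saml:Assertion>
    </saml:Evidence>
  </saml:AuthzDecisionStatement>
</saml:Assertion>"""

def check_assertion(assertion):
    """Check ONE assertion using only its direct children (no inheritance)."""
    subjects = assertion.findall(NS + "Subject")
    has_statement = any(assertion.find(NS + s) is not None for s in STATEMENTS)
    problems = []
    if len(subjects) > 1:
        problems.append("more than one Subject")
    if has_statement and not subjects:
        problems.append("statement present but no Subject")
    return problems

def validate_all(xml_text):
    """Map each assertion ID, at any nesting depth, to its list of problems."""
    # Structural check only: for untrusted input, use a hardened XML parser
    # and verify signatures before relying on any assertion content.
    root = ET.fromstring(xml_text)
    return {a.get("ID"): check_assertion(a) for a in root.iter(NS + "Assertion")}

if __name__ == "__main__":
    for assertion_id, problems in validate_all(SAMPLE).items():
        print(assertion_id, "OK" if not problems else "; ".join(problems))
```

Here _evidence_a follows Interpretation A from the thread and is flagged, while _evidence_b follows Interpretation B and passes.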
