OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [saml-dev] Attribute equality during AttributeQuery

On 8/28/14, 3:28 PM, "Peter Major" <peter.major@forgerock.com> wrote:

>Thanks for your help, there is only one thing now that I struggle with a
>little bit:
>how do you determine which profile is being used?

Speaking as an implementer, you ignore the concept of profiles and
strictly enforce equality on both fields, or possibly treat unspecified as
a wildcard that treats Name as the only comparator.

You abstract the matching such that if an inexact equivalence concept is
introduced by a future profile, it's handled through code that only
activates under the appropriate special circumstances, probably based on
the name.

In essence you hand off isEqual() to a method that defaults to string
comparison, but can be overridden.

>(or is this the wrong way around and I should look at the received
>NameFormat, determine which profile it belongs to, and then use the
>comparison rules corresponding to that NameFormat when the AA wants to
>determine whether it can collect the requested Attributes for the

If you want to complicate things to that degree, but it's not warranted.

>If my AA supports more than one attribute profile for the sake of
>complexity, how should it determine which profile's attribute name
>comparison rules it should use?
>In other words is there a way to tell from an attribute query which
>attribute profile should be used, or is this something the server should
>decide on its own?

There is no way to tell. The concept of profiles was a sop to accomodate
the resistance to the correct approach, which was to use URIs and nothing

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]