Subject: Re: [saml-dev] Attribute equality during AttributeQuery

On 8/29/14, 8:32 AM, "Peter Major" <peter.major@forgerock.com> wrote:

>> Speaking as an implementer, you ignore the concept of profiles and
>> strictly enforce equality on both fields, or possibly treat unspecified
>> as a wildcard that treats Name as the only comparator.
>I think this is a defendable way to interpret the spec, as it shows
>similarity to the way NameID-Formats are handled (SAML Core
>"If the Format value is omitted or set to
>urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified, then the identity
>provider is free to return any kind of identifier, subject to any
>additional constraints due to the content of this element or the
>policies of the identity provider or principal."

That, and I think you give up any pretense at interop by using
"unspecified". So really any interpretation of it is fine.

-- Scott
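
The two comparison policies discussed in this thread, as an added example that is not part of the original messages or any product's code. It assumes the wildcard applies when the *requested* NameFormat is unspecified (the thread leaves the side open); the query fragment, the held attributes and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
UNSPEC = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
OID_MAIL = "urn:oid:0.9.2342.19200300.100.1.3"

# Constructed AttributeQuery fragment (Issuer, Subject and signature omitted).
QUERY = f"""<samlp:AttributeQuery
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="{SAML}">
  <saml:Attribute Name="{OID_MAIL}" NameFormat="{URI}"/>
  <saml:Attribute Name="mail"/>
  <saml:Attribute Name="mail" NameFormat="{URI}"/>
</samlp:AttributeQuery>"""

# Constructed IdP-side attributes, keyed by (Name, NameFormat).
HELD = {
    (OID_MAIL, URI): ["alice@example.org"],
    ("mail", BASIC): ["alice@example.org"],
}

def requested(xml_text):
    """Return (Name, NameFormat) pairs; an omitted NameFormat means unspecified."""
    root = ET.fromstring(xml_text)
    return [(a.get("Name"), a.get("NameFormat", UNSPEC))
            for a in root.findall(f"{{{SAML}}}Attribute")]

def matches(req, held, wildcard=False):
    """Strict: Name and NameFormat must both be equal.
    Wildcard (assumed policy): a requested 'unspecified' compares on Name only."""
    if wildcard and req[1] == UNSPEC:
        return req[0] == held[0]
    return req == held

def resolve(xml_text, held, wildcard=False):
    """Map each requested (Name, NameFormat) to the held keys it selects."""
    return {req: [key for key in held if matches(req, key, wildcard)]
            for req in requested(xml_text)}

if __name__ == "__main__":
    for label, flag in (("strict", False), ("wildcard", True)):
        print(label)
        for req, hits in resolve(QUERY, HELD, wildcard=flag).items():
            print("  ", req, "->", hits)
```

Under the strict policy the bare `mail` request selects nothing from this store, while the wildcard policy returns the `basic`-format `mail` attribute, which is the interop divergence the thread is pointing at.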

