Re: [saml-dev] multi-valued SAML attributes

["Cantor, Scott" <cantor.2@osu.edu>]

On 11/13/14, 11:31 PM, "Tom Scavo" <trscavo@internet2.edu> wrote:


>
>Ah, I found this in the section on attribute query:
>
>"A single query MUST NOT contain two <saml:Attribute> elements with
>the same Name and NameFormat values (that is, a given attribute MUST
>be named only once in a query)."
>
>Can we infer anything from that? (It's a stretch, I know.)

Not in a statement, that just limits queries. I tend to think there was 
probably a draft with language on both ends, and it ended up inconsistent, 
but I really don't know.

>Actually, the original question stems from the use of the
><mdattr:EntityAttributes> extension. I really hate to see two
>attributes with the same name in there but I don't seem to have a
>normative leg to stand on (except the obscure reference above).

I certainly wouldn't generate it, but no, it's not invalid. If it's your 
metadata, collapsing such a case would seem like a logical thing to do.

-- Scott