Subject: [security-services-comment] [Fwd: Request: Modify schema to support SAML attribute query return of ALL attributes within an attribute namespace]
Forwarded on behalf of Tom Edwards...

-------- Original Message --------
Subject: Request: Modify schema to support SAML attribute query return of ALL attributes within an attribute namespace
Date: Tue, 13 Aug 2002 00:14:20 -0700
From: "Edwards, Thomas J (Tom)" <tjedwards@avaya.com>
To: <security-editors@lists.oasis-open.org>
CC: <eve.maler@sun.com>, <cantor.2@osu.edu>

I would like this request to be considered in the next draft.

The basic request is to modify the schema to support a SAML attribute query to return ALL attributes within an attribute namespace. Currently, one can request ALL attributes by not including an attributeDesignator. But then the relying party cannot specify a namespace for the attributes to be returned.

Some details are provided in the following e-mail stream.

Thanks for your consideration of this request,

Tom

Thomas J. Edwards
Consulting Member of Tech Staff
AVAYA Inc
6464 185th Ave NE
Redmond, WA 98052
Tel: 425-558-8140
e-mail: tjedwards@avaya.com

-----Original Message-----
From: Eve L. Maler [mailto:eve.maler@sun.com]
Sent: Thursday, August 08, 2002 7:08 AM
To: Edwards, Thomas J (Tom)
Cc: cantor.2@osu.edu
Subject: Re: SAML: how does SAML attribute query return ALL attributes within an attribute namespace?

Hello Tom,

I don't believe there's any way currently to query for just the attributes in a particular attribute namespace. This would be a reasonable RFE, though; I suggest that you send mail to the security-services-comment list to request it if that's what you want to do.

Regards,

Eve

Edwards, Thomas J (Tom) wrote:
> Scott and Eve,
>
> I would appreciate your help in understanding how does SAML support the
> return of all attributes within a namespace.
>
> I have reviewed the working group minutes looking for an answer to the
> above where all attributes are to be returned for an attributeNamespace.
> However, I believe the only method to return all attributes currently is
> to specify no attributes; in which case, one cannot specify the
> attributeNamespace.
>
> "<AttributeDesignator> [Any Number] (see Section 2.4.5.1)
> Each <AttributeDesignator> element specifies an attribute whose value is
> to be returned. If
> no attributes are specified, it indicates that all attributes allowed by
> policy are requested."
>
> There are some options described such as returning all attributes for a
> resource, but this is not limiting to a namespace.
>
> "The <Resource> attribute specifies the URI of a resource which is
> relevant to the request for attributes. If present, the responding
> entity MAY use the information in determining the set of attributes to
> return to the requesting entity."
>
> Another way - _though I am pretty certain this is not really
> recommended_, is to use the NameQualifier. That is, an Asserting Party
> may or may not support this notion.
>
> "Should the core schema specify a way to express an attributes scope, or
> should this be left as a part of the structure of the attribute? Scope
> has essentially the same meaning as security domain?
>
> Status: Closed by vote on Jan 29, 2002. Attribute scope must be
> specified as a part of the attribute structure. *(Note however that
> Subject NameIdentifier has a specific SecurityDomain element that
> roughly corresponds to the notion of attribute scope for the subject
> name attribute.)* Note that this is not the same as Attribute Namespace.
> This is discussed here."
>
> Your help would be appreciated,
>
> Tom
>
> Tom Edwards, CMTS
> *AVAYA Inc*
> 6464 185th Ave NE
> Redmond, WA 98052
> Tel: 425-558-8140
> e-mail: tjedwards@avaya.com

--
Eve Maler                                    +1 781 442 3190
Sun Microsystems                        cell +1 781 883 5917
XML Web Services / Industry Initiatives      eve.maler @ sun.com

--
Eve Maler                                    +1 781 442 3190
Sun Microsystems                        cell +1 781 883 5917
XML Web Services / Industry Initiatives      eve.maler @ sun.com
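An added illustration, not part of the thread or of any SAML toolkit: under the SAML 1.x schema discussed above, a relying party that wants one namespace must either name every attribute in an <AttributeDesignator> or send none and get everything policy allows, so the sketch below builds both query forms and then filters the over-broad response down to one namespace on the relying-party side. The function names, the urn:example:* namespaces and the trimmed sample assertion are constructed for this example, and the assertion is assumed to have been signature- and issuer-validated before parsing.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:1.0:protocol"

# Constructed sample, trimmed to the elements used here (not a complete assertion).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute AttributeName="role" AttributeNamespace="urn:example:hr">
      <saml:AttributeValue>engineer</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute AttributeName="dept" AttributeNamespace="urn:example:hr">
      <saml:AttributeValue>lab</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute AttributeName="badge" AttributeNamespace="urn:example:facilities">
      <saml:AttributeValue>B-1042</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def build_attribute_query(subject_name, designators=()):
    """Build a SAML 1.x AttributeQuery element.

    Each designator is an (AttributeName, AttributeNamespace) pair; both are
    required by the schema. With no designators, the query asks for all
    attributes allowed by policy, with no way to restrict the namespace.
    """
    query = ET.Element(f"{{{SAMLP}}}AttributeQuery")
    subject = ET.SubElement(query, f"{{{SAML}}}Subject")
    ET.SubElement(subject, f"{{{SAML}}}NameIdentifier").text = subject_name
    for name, namespace in designators:
        ET.SubElement(query, f"{{{SAML}}}AttributeDesignator",
                      {"AttributeName": name, "AttributeNamespace": namespace})
    return query

def attributes_in_namespace(assertion_xml, wanted_namespace):
    """Keep only attributes from one namespace; everything else is dropped
    so unrequested attributes never reach application code."""
    kept = {}
    for attr in ET.fromstring(assertion_xml).iter(f"{{{SAML}}}Attribute"):
        if attr.get("AttributeNamespace") != wanted_namespace:
            continue
        values = [v.text or "" for v in attr.findall(f"{{{SAML}}}AttributeValue")]
        kept.setdefault(attr.get("AttributeName"), []).extend(values)
    return kept

if __name__ == "__main__":
    print(ET.tostring(build_attribute_query("tom@example.org"), encoding="unicode"))
    print(attributes_in_namespace(SAMPLE_ASSERTION, "urn:example:hr"))
```

Filtering after the fact limits what the application consumes, but the asserting party has still disclosed the other namespaces' attributes on the wire, which is the gap the request above asks the schema to close.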