security-services-comment message

Subject: RE: [security-services-comment] comment on SAML V2.0 X.500/LDAP Attribute Profile: attribute options

From: "Scott Cantor" <cantor.2@osu.edu>
To: "'Mark Wahl'" <Mark.Wahl@informed-control.com>, <security-services-comment@lists.oasis-open.org>
Date: Wed, 14 Feb 2007 21:37:56 -0500

> As section 2.3.1 states that the FriendlyName does not participate
> in matching SAML attributes, this would suggest that the tagging
> options are ignored when comparing SAML attribute names.  Is this
> the intention?

I think it is, but I don't know whether anybody familiar enough with LDAP
considered it or not. I think it's worth at least stating outright if that
is in fact the position taken, and will suggest that, unless people want the
tagging options to influence the name.

What is definite is that the FriendlyName is non-normative and would never
be considered itself. If anything the tagging options would have to be
reflected in the attribute using supplemental XML attributes.

Thx,
-- Scott

Follow-Ups:
- Re: [security-services-comment] comment on SAML V2.0 X.500/LDAP AttributeProfile: attribute options
  - From: Mark Wahl <Mark.Wahl@informed-control.com>

References:
- comment on SAML V2.0 X.500/LDAP Attribute Profile: attribute options
  - From: Mark Wahl <Mark.Wahl@informed-control.com>