security-services message


Subject: Re: Proposed glossary definition of 'Assertion'


Irving Reid wrote:
>
> Assertion: A datum that contains (a) The principal identity of the Asserting
> Party, (b) An identifier of the referent of the assertion, and (c) the claim
> being asserted. Assertions may also have Assertion Identifiers, and they may
> be signed by some authority (not necessarily the Asserting Party).

I think this is a good suggestion - thanks Irving. Tho it does bring up some
other thoughts..

This def seems to me to constitute a particular design for an assertion. As such
it's nominally ok-by-me as long as it's the actual design we decide upon. But
I'd hesitate to use this as the entire def for something like "assertion".

It seems to me that we may want to have two "senses" for definitions of SAML
protocol artifacts ("assertions" being one specific example): one sense being a
plain-language definition describing the kind of thing it is, and the other
sense being a specific-to-saml technical definition like the one above. 

I think having both senses will help our spec be more accessible to a wider
audience.


So for "assertion", we'd have something like..

(1) a piece of data constituting a declaration of some information, for example
about state ("so-and-so" is "authenticated") and/or attributes ("so-and-so" is
of the type "pink"). 

(2) A SAML assertion is a datum containing (a) The principal identity of the
Asserting Party, (b) An identifier of the referent of the assertion, and (c) the
claim being asserted. Assertions may also have Assertion Identifiers, and they
may be signed by some authority (not necessarily the Asserting Party).


Plus we SHOULD ensure that the glossary has defs for the SAML-specific, technical
terms used in (b)..

Principal identity
Asserting party
claim
assertion identifier
authority


JeffH

