Subject: RE: composition of AssertionID (Issue: DS-4-04: URIs for AssertionIDs)
At 09:54 AM 6/8/01 -0400, Hal Lockhart wrote:
>Jeff Hodges wrote,
> > The research I did indicates that it is questionable whether
> > it is a good idea
> > to simply use a URL-style URI as shown above and consider the
> > "problem solved".
>
>Yes, but it seems to me that 2/3 of these problems go away if you assume
>global (intergalactic) uniqueness. I further assert that half of the
>remainder go away if you write strict rules for forming and comparing them
>for identity.
>
>This IMO leaves a manageable remainder to deal with.

Sorry to be slow, I'm not sure I understand "2/3 of the problems go away if you assume global (intergalactic) uniqueness." Are you saying that a simplifying assumption can be made that all such URIs used as assertion IDs *are* unique, without testing?

If we do have a notion of comparing IDs for identity, then URIs are notoriously difficult on this point unless we go with character-for-character equality (which is a much stricter standard, at least for http-scheme URIs, than is usually applied to mean "identity").

>I think we have already agreed that various things in SAML need to be
>administratively configured, based on out of band agreement, so I don't see
>a problem with doing the same for the location of authorities.
>
>I am equally comfortable with an 1) issuer dns name and a unique integer or
>2) a UUID, but such things are unfashionable. (As someone who was at
>various times an expert on DCE and SET, I understand the need to follow
>technology fashions or be left talking to yourself. ;-)

Hey, I'm willing to consider ideas that seem unfashionable! :-) It has been suggested that XML and URIs go together like PB&J, but if we're not anticipating *retrieving* an assertion by means of its unique URI, then I believe it's probably better to use something else.

BTW, Jeff asked about controlling which types of URIs are allowed: You can restrict the XML Schema datatype called "anyURI" by adding a regular expression facet that cuts down the set of valid URI strings. But there's no URI-aware method for cutting out particular schemes or anything like that.

Eve
--
Eve Maler                                    +1 781 442 3190
Sun Microsystems XML Technology Development  eve.maler @ east.sun.com
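
Added example, not part of the original message or of any SAML draft: a Python sketch of the identity problem raised above, showing http-scheme assertion IDs that differ character-for-character yet match under the looser equivalence usually applied to http URIs. The sample IDs, the `issuer.example.com` host and the function names are constructed for illustration.

```python
import re
import string
from collections import defaultdict
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
UNRESERVED = set(string.ascii_letters + string.digits + "-._~")

def _fix_escape(match):
    """Decode %XX when it encodes an unreserved character; otherwise uppercase the hex."""
    char = chr(int(match.group(0)[1:], 16))
    return char if char in UNRESERVED else match.group(0).upper()

def normalize_http(uri):
    """Loose http(s) equivalence: scheme/host case, default port, empty path, escapes.
    Userinfo is dropped in this sketch (assumption: IDs carry none)."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    default = DEFAULT_PORTS.get(scheme)
    netloc = host if parts.port in (None, default) else f"{host}:{parts.port}"
    path = re.sub(r"%[0-9A-Fa-f]{2}", _fix_escape, parts.path or "/")
    return urlunsplit((scheme, netloc, path, parts.query, parts.fragment))

def ambiguous_ids(assertion_ids):
    """Return groups of IDs that are distinct strings but normalize to the same URI."""
    groups = defaultdict(set)
    for aid in assertion_ids:
        groups[normalize_http(aid)].add(aid)
    return [sorted(group) for group in groups.values() if len(group) > 1]

# Constructed sample assertion IDs.
SAMPLE_IDS = [
    "http://issuer.example.com/assertions/~id-42",
    "HTTP://Issuer.Example.COM:80/assertions/%7Eid-42",
    "http://issuer.example.com/assertions/%7eid-42",
    "http://issuer.example.com/assertions/~id-43",
]

if __name__ == "__main__":
    for group in ambiguous_ids(SAMPLE_IDS):
        print("distinct strings, same loose identity:", group)
```

Two parties that do not agree on which comparison rule applies will disagree about whether the first three IDs name one assertion or three.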