Subject: diff of Orchard-Maler assertion 001 and Core Assertions .09
I went through and did most of an element-by-element diff of the two approaches. I certainly see major convergence. I'm extremely pleased to see the use of an abstract claim type in PHB's model; this was a major objection of mine to 0.7. However, I still believe that more stringent cardinalities should be specified. I like the use of extended attributes, but I do think that a different schema extension mechanism should be used. The use of strongly typed queries is potentially interesting. I certainly like the idea of them being instances of XQueries.

I think the summary of the differences is:

1) Different placement of version, issuer, issueinstant in hierarchy.
2) OM model uses a subjectAssertionType to consolidate 3 of the 4 assertion types.
3) PHB model uses strongly typed requests.
4) Use of term Claim versus Assertion.
5) PHB allows for an attribute string, whereas OM does not.
6) OM model of extension allows for non-SAML namespaced items, whereas PHB requires a subtype. AttributeClaim, Permissions.
7) Query structures; we'll see from the examples the need for general or typed queries.
8) PHB has 1 layer deep authorization structure, to associate Resources with Permissions. OM flattened this. Our logic is that if there are many different resources to associate with a permission, it's a simple matter to replicate the authorizationAssertion. OM optimized for the simple case, where a subject has a permission for a resource, whereas PHB optimized for many resources per subject.
9) OM allows an input AssertionsPackage.
10) OM has more stringent cardinalities, such as exactly 1 subject in SubjectAssertionTypes, 1 resource and 1 permission in authorization assertion, whereas PHB leaves these from 0 to unbounded. This is related to #7.
11) Different diagram styles.
12) Different documentation styles:
  12a) OM contains Design guidelines section
  12b) OM gives complete examples and schema at end, PHB intermixes schema fragments in doc
  12c) OM gives an explicit rationale section for each element
  12d) OM lists issues for many elements, PHB lists no issues for any elements
13) OM lists sample requests for illustration purposes.

The details are:

SAMLRequesttype/SAMLQuery:
o OM has Version
o OM has SubjectAssertionPackage
o PHB has Respond

Query structures:
o OM uses XQuery structure
o PHB has strongly typed Subject/Authentication/Authorization/Attribute Queries

SAMLResponseType/SAMLQueryResponse:
o OM has Version

AssertionsPackageType/SAMLAssertionsPackage:
o PHB has Version
o PHB has issuer, issueinstant.

AssertionType/AbstractClaimType:
o OM has Version
o OM has AssertionID
o OM has issuer, issueinstant.
o PHB has AssertionRef

DecisionType/DecisionClaim - no real difference!

AttributeAssertionType/ExtendedAttributeClaim:
o PHB has Attribute, OM allows any extension

AuthenticationAssertionType/AuthenticationClaim - no real difference!

AuthorizationAssertionType/AuthorizationClaim:
o OM has Resource, Permission. PHB has Authorization which has Resource/Permission/ExtendedPermission.
o OM has minOccurs of 1 on resource, permission

Permissions/Conditions/Advice - I didn't go into detail, I'm not too concerned about this right now.

Cheers,
Dave Orchard
XML Architect
Jamcracker Inc., 19000 Homestead Dr., Cupertino, CA 95014
p: 408.864.5118 m: 604.908.8425 f: 408.725.4310
www.jamcracker.com - Sounds like a job for Jamcracker.
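Added illustration (editor's example, not part of Dave Orchard's mail or of either draft) of points 8 and 10 above: the OM draft pins an AuthorizationAssertion to exactly one Subject, one Resource and one Permission, while the PHB draft leaves these 0..unbounded, and OM's answer to "many resources per subject" is to replicate the assertion once per resource. The element names (AuthorizationAssertion, Subject, Resource, Permission, AssertionID) are the ones named in the mail; the namespace URI, the sample documents and the function names are constructed for this example only.

```python
# Added illustration of items 8 and 10 of the comparison above: the OM draft
# requires exactly one Subject, one Resource and one Permission per
# AuthorizationAssertion, while the PHB draft allows 0..unbounded. The element
# names come from the mail; the namespace URI, attribute values and sample
# documents below are constructed for this example, not taken from either draft.
import copy
import xml.etree.ElementTree as ET
from typing import List

NS = "urn:example:saml-draft-2001"  # hypothetical namespace, not from either draft


def q(tag: str) -> str:
    """Clark-notation qualified name for an element in the assumed namespace."""
    return f"{{{NS}}}{tag}"


def om_cardinality_violations(xml_text: str) -> List[str]:
    """Check an AuthorizationAssertion against the OM 'exactly one' rule.

    Returns one message per violated element; an empty list means the
    assertion is unambiguous about who may do what to which resource.
    """
    root = ET.fromstring(xml_text)
    if root.tag != q("AuthorizationAssertion"):
        return [f"unexpected root element {root.tag}"]
    problems = []
    for tag in ("Subject", "Resource", "Permission"):
        n = len(root.findall(q(tag)))
        if n != 1:
            problems.append(f"{tag}: expected exactly 1, found {n}")
    return problems


def split_per_resource(xml_text: str) -> List[str]:
    """Replicate a multi-Resource assertion into one OM-style assertion per Resource.

    This is the 'simple matter to replicate the authorizationAssertion'
    argument from item 8: every other child is copied unchanged; only the
    Resource element differs between the copies.
    """
    root = ET.fromstring(xml_text)
    copies = []
    for res in root.findall(q("Resource")):
        single = ET.Element(root.tag, root.attrib)
        for child in root:
            if child.tag == q("Resource") and child is not res:
                continue  # drop the other resources
            single.append(copy.deepcopy(child))
        copies.append(ET.tostring(single, encoding="unicode"))
    return copies


# Constructed sample documents (not from the drafts).
STRICT = f"""<AuthorizationAssertion xmlns="{NS}" AssertionID="a-001">
  <Subject>alice</Subject>
  <Resource>urn:example:doc/42</Resource>
  <Permission>read</Permission>
</AuthorizationAssertion>"""

# PHB-style: several Resources under one assertion.
MULTI = f"""<AuthorizationAssertion xmlns="{NS}" AssertionID="a-002">
  <Subject>bob</Subject>
  <Resource>urn:example:doc/42</Resource>
  <Resource>urn:example:doc/43</Resource>
  <Permission>read</Permission>
</AuthorizationAssertion>"""

# Zero resources and zero permissions: allowed by 0..unbounded, rejected by OM.
EMPTY = f"""<AuthorizationAssertion xmlns="{NS}" AssertionID="a-003">
  <Subject>carol</Subject>
</AuthorizationAssertion>"""

if __name__ == "__main__":
    for name, doc in (("STRICT", STRICT), ("MULTI", MULTI), ("EMPTY", EMPTY)):
        print(name, om_cardinality_violations(doc) or "ok")
    for part in split_per_resource(MULTI):
        print(part)
```

Running the block reports STRICT as ok, MULTI as having two Resources, and EMPTY as missing both Resource and Permission; the two documents produced by split_per_resource each pass the OM check, which is the trade-off the mail describes: stricter cardinality at the cost of one assertion per resource.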