OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: Comments on the use of Substitution groups,and Phil's propos al to decouple the assertion header from the statements.

> 1) It is much harder to work with "Statements" at the top level of
> abstraction. For example if you wanted to write some code to get the
> "statement" inside an <Assertion>--something everyone will 
> have to do, ...

If that is a problem (and I don't think that it is) the solution 
would be to wrap the occurrence of <XYSStatement> with a 
<Statements> container.

At present however the only elments that can occur inside an
Assertion are Conditions, Advice and the statement element.

> Under the type substitution paradigm these changes by us to our schema
> don't
> break processors that operate at the general level of 
> statements. Only the
> new code to handle the new type is necessary, not any changes to the
> processors at the more abstract levels.

The problem you claim exists is actually reduced in the new schema.

If the processor does not understand the statment then there is
nothing that it can do with the statement but the elements of the
assertion wrapper (attributes, conditions, advice) can still be

The new scheme allows for applications to introduce enhanced
versions of the SAML statements and use the xsi:Type attribute
to specify the variant. 


Phillip Hallam-Baker (E-mail).vcf

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC