
security-services message


Subject: schema 16 comments: query by artifact.


Protocol schema 16 defines samlp:AssertionArtifact to satisfy browser profile flows.

In our discussions it was pointed out that different types of assertions could be requested by artifact:
authentication and attribute.

The current request schema does not let you specify what type of assertion is needed with
query by artifact. Moreover, if an attribute assertion is desired, we cannot specify what attributes are to be returned.

To address these concerns I would like to propose a samlp:QueryKey element that is a choice of
a subject or an artifact.

<complexType name="QueryKey">
    <choice>
        <element ref="saml:Subject"/>
        <element ref="samlp:AssertionArtifact"/>
    </choice>
</complexType>

To include this element in the protocol schema we can either:
1: Redefine SubjectQueryAbstractType to include QueryKey:

<complexType name="SubjectQueryAbstractType" abstract="true">
    <complexContent><extension base="samlp:QueryAbstractType">
        <sequence><element ref="samlp:QueryKey"/></sequence>
    </extension></complexContent>
</complexType>

2: Leave SubjectQueryAbstract type alone and create a parallel query structure around QueryKey.

Simon Godik
