
security-services message


Subject: wrt: DS-4-02: XML Terminology

The text of this issue from draft-sstc-saml-issues-06..

ISSUE:[DS-4-02: XML Terminology] 
Which XML terms should we be using in SAML? Possibilities include: message,
document, package.  
Status: Open  

I think this issue is presently largely moot. As I recall, it arose in the
context of the use case work wherein some folks were using terms such as
"authentication document" to name objects that we now describe as
"authentication assertions". 

In looking at core-15 and bindings-model-05, I note that those docs already
eschew using the "document" and "xml document" terms to describe (what I'd call)
"SAML objects". 

I jotted down some recommendations in case anyone wishes to discuss/refine them
(rat-hole warning). 

I recommend we close DS-4-02. 


Recommendations on terminology wrt SAML objects

SAML is specified in terms of XML. The data objects comprising SAML ("SAML
objects" for short) are thus expressed in an XML-based syntax as defined by the
SAML schema, itself expressed according to the XML schema syntax. Those SAML
objects defined in terms of "XML elements" are formally "XML documents" when
considered *in the context of XML itself*. See..


..for the definition of "XML document". 

However, when considering SAML objects *in the SAML context*, we SHOULD use 
terms (and combinations thereof, along with other terms not explicitly on this
list) such as: "assertion", "request", "response", "message", "query",
"element". We SHOULD NOT use the term "document" to describe SAML objects in the
SAML context. Some obvious examples..

  request message 

  response message

  authentication assertion

  SAML assertions

  foo element, e.g. <Subject> element

A longer prose example..

  The SAML protocol is comprised of request and response messages. SAML 
  requests are comprised of authentication, authorization, and attribute 
  queries. A SAML response message is returned as a result of a query. SAML 
  responses convey SAML authentication assertions, authorization decision 
  assertions, and attribute assertions. 

  SAML assertions may be combined with other non-SAML objects in various 
  fashions. Examples of some such objects are otherwise-arbitrary, non-SAML 
  XML documents (thus including various non-SAML, XML-based protocol elements, 
  e.g. SOAP, ebXML), MIME messages, and so on. 

