OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [security-services] AttributeDesignator as used in assertion andprotocol schemas

(I'm looking at the core-19 schemas that are on the SSTC page.)

Is it intended that when AttributeDesignator from the saml: namespace is 
reused in the protocol schema (for an AttributeQuery), you're supposed to 
supply the AttributeValue?  I would think that in an assertion you do want 
to spell out an attribute value, but in a query you just want to ask for 
the attribute of the specified name, without parameterizing it by the value.

E.g., if I want to know the PaidStatus of a subscriber to a service, I 
would just say "Please give me the value of the PaidStatus attribute" -- I 
wouldn't say "Please give me the PaidStatus=PaidUp attribute".  Right??

If we want to change this, we would need to have something like a base 
AttributeDesignatorType (and an AttributeDesignator element) in saml: that 
just has AttributeName and AttributeNamespace (currently XML 
attributes).  Then we should extend it in samlp: to get an 
AttributeValueType (and an AttributeValue element) that adds an element 
called AttributeValue.

Eve Maler                                    +1 781 442 3190
Sun Microsystems XML Technology Center   eve.maler @ sun.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC