OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: [security-services] AttributeDesignator as used in assertion andprotocol schemas


My bad; never mind.  It's actually done correctly in the schema, with 
AttributeDesignator in the query and Attribute in the statement.  I think 
the spec wording got out of sync with the schema and I got confused.

         Eve

At 10:46 AM 11/28/01 -0500, Eve L. Maler wrote:
>(I'm looking at the core-19 schemas that are on the SSTC page.)
>
>Is it intended that when AttributeDesignator from the saml: namespace is 
>reused in the protocol schema (for an AttributeQuery), you're supposed to 
>supply the AttributeValue?  I would think that in an assertion you do want 
>to spell out an attribute value, but in a query you just want to ask for 
>the attribute of the specified name, without parameterizing it by the value.
>
>E.g., if I want to know the PaidStatus of a subscriber to a service, I 
>would just say "Please give me the value of the PaidStatus attribute" -- I 
>wouldn't say "Please give me the PaidStatus=PaidUp attribute".  Right??
>
>If we want to change this, we would need to have something like a base 
>AttributeDesignatorType (and an AttributeDesignator element) in saml: that 
>just has AttributeName and AttributeNamespace (currently XML 
>attributes).  Then we should extend it in samlp: to get an 
>AttributeValueType (and an AttributeValue element) that adds an element 
>called AttributeValue.
>
>         Eve

--
Eve Maler                                    +1 781 442 3190
Sun Microsystems XML Technology Center   eve.maler @ sun.com



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC