[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [security-services] Question on the use of <RespondWith>
Joe, the <RespondWith> element is a very recent addition to the spec. It appears to originate out of some fairly high-level discussion at F2F#5. I have generated a separate message pointing out some of the complexities around <RespondWith>. http://lists.oasis-open.org/archives/security-services/200201/msg00136.html <http://lists.oasis-open.org/archives/security-services/200201/msg00136.html > I believe that the basic assumption in the request/response protocols was that a response might contain any number of assertions containing any number of statements of any type. Therefore, a conformant processor would have to take care of all three levels of variation (not a big deal, IMHO). The <RespondWith> element appears to be an attempt to discipline this process BUT I dont see that its semantics are clearly specified. We need to figure out if we can reasonably add some constraint of this type or remove it from the specification. [Prateek Mishra] [JS] I have a question on the use of <RespondWith> in the RequestAbstractType of the protocol. How would this be used to obtain an Assertion with multiple Statements? In general, are there a use cases (maybe to be added to the binding model) that define when multiple Statements within a single assertion would be returned to a client? Is there a use case for multiple Statements of different types within the same Assertion? Any pointers to discussion threads on this topic would be appreciated. For example, I would like to obtain both Authentication information and Attribute information. It appears that there is a great deal of flexibility in the spec for doing this which may lead to interoperability issues. Here are some potential ways to do it... 1) Separate Request/Response pairs <Request ...> <RespondWith>AuthenticationStatement</RespondWith> <AuthenticationQuery...> </Request> <Response ...> <Status>...</Status> <Assertion ...> <AuthenticationStatement ...> </Assertion> </Response> <Request ...> <RespondWith>AttributeStatement</RespondWith> <AttributeQuery...> </Request> <Response ...> <Status>...</Status> <Assertion ...> <AttributeStatement ...> </Assertion> </Response> 2) Multiple Assertions returned in a single Request/Response <Request ...> <RespondWith>AuthenticationStatement</RespondWith> <RespondWith>AttributeStatement</RespondWith> <AuthenticationQuery...> </Request> <Response ...> <Status>...</Status> <Assertion ...> <AuthenticationStatement ...> </Assertion> <Assertion ...> <AttributeStatement ...> </Assertion> </Response> 3)Single Assertion with multiple Statements in a single Request/Response <Request ...> <RespondWith>MultipleStatement</RespondWith> <!-- Is this how it works? --> <RespondWith>AuthenticationStatement</RespondWith> <RespondWith>AttributeStatement</RespondWith> <AuthenticationQuery...> </Request> <Response ...> <Status>...</Status> <Assertion ...> <AuthenticationStatement ...> <AttributeStatement ...> </Assertion> </Response> Thanks, Joe Joe Sanfilippo Commerce One 19191 Vallco Parkway, Cupertino, CA 95014 Tel 408 517 9245; Fax 408 517 3992 joe.sanfilippo@commerceone.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC