OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [security-services] The multiple subject issue

To try to clarify this issue, here is the schema as ammended during the con
call 2 weeks ago:


	<element name="SubjectStatement"
type="saml:SubjectStatementAbstractType"/>
	<complexType name="SubjectStatementAbstractType" abstract="true">
		<complexContent>
			<extension base="saml:StatementAbstractType">
				<sequence>
					<element ref="saml:Subject"/>
				</sequence>
			</extension>
		</complexContent>
	</complexType>

	<element name="Subject" type="saml:SubjectType"/>
	<complexType name="SubjectType">
		<choice>
			<sequence>
				<element ref="saml:NameIdentifier"/>
				<element ref="saml:SubjectConfirmation"
minOccurs="0"/>
			</sequence>
			<element ref="saml:SubjectConfirmation"/>
		</choice>
	</complexType>


A statement can have exactly ONE subject that may be desribed by a Name
Identifier alone, OR a Name Identifier and subject confirmation OR a subject
confirmation alone.

In the case of a name alone the subject confirmation is presumably out of
scope, quite likely in an attribute statement.

In the case of subject confirmation alone the name may well be irrelevant.


		Phill

Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227

>

Phillip Hallam-Baker (E-mail).vcf

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC