security-services message



Subject: [security-services] ISSUE: AuthorityKind and RespondWith


Following up to two of my messages before last call
(http://lists.oasis-open.org/archives/security-services/200202/msg00127.html
and
http://lists.oasis-open.org/archives/security-services/200202/msg00129.html)
: I proposed that we change the AuthorityKind and RespondWith elements to be
qnames, with the combination of the XML namespace qualifier and the name in
the qname uniquely naming the type of SAML Statement.

Here are proposed normative changes to Core-27:

Lines 730-734:
An XML QName (Qualified Name) identifying the namespace and element name of
the type of statement this authority can return. For example, presuming that
the "saml" namespace prefix is bound to the SAML namespace, an attribute
authority would identify itself with the attribute
AuthorityKind="saml:AttributeStatement". For elements defined by extension
schemas, where the type of the statement is specified by an
xsi:type="myPrefix:SchemaTypeName" attribute, the AuthorityKind attribute
should contain exactly the same QName as the xsi:type attribute of the
corresponding Statement.

Lines 746-747: change to <attribute name="AuthorityKind" type="qname"
use="required"/>

Lines 751-757: remove

Lines 976-1008 (Section 3.2.1.1): Replace entirely with:

Section 3.2.1.1. Element <RespondWith>

The <RespondWith> element specifies the type of Statement the requestor
wants from the responder. Multiple <RespondWith> elements MAY be included to
indicate that the requestor will accept assertions containing any of the
specified types. If no <RespondWith> element is given, the responder may
return assertions containing statements of any type.

If the requestor sends one or more <RespondWith> elements, the responder
MUST NOT respond with assertions containing statements of any type not
specified in one of the <RespondWith> elements.

(Include lines 986-988, Note: ... here)

RespondWith element values are XML QNames. The XML namespace and name
specifically refer to the namespace and element name of the Statement
element, exactly as for the saml:AuthorityKind attribute; see section
2.4.3.2.

The following schema fragment defines the RespondWith element:
    <element name="RespondWith" type="qname"/>

 - irving -
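
The QName matching this proposal relies on, as an added example that is not part of the original message or of the SAML specification: a responder has to compare `<RespondWith>` values by resolved (namespace URI, local name) pair, using the prefix bindings in scope at each element, and never by the literal prefix string. The namespace URIs, the `Request` wrapper element and the function names are assumptions made for illustration.

```python
import io
import xml.etree.ElementTree as ET

# Constructed placeholder namespace URIs (assumptions; the message names none).
SAML = "urn:example:saml-assertion"
SAMLP = "urn:example:saml-protocol"

# Constructed sample request: one core type, one extension type bound locally.
REQUEST = b"""<p:Request xmlns:p="urn:example:saml-protocol"
                         xmlns:a="urn:example:saml-assertion">
  <p:RespondWith>a:AttributeStatement</p:RespondWith>
  <p:RespondWith xmlns:x="urn:example:extension">x:SchemaTypeName</p:RespondWith>
</p:Request>"""

def _walk(xml):
    """Yield (element, resolve); resolve() maps a QName string to (uri, local)
    using only the namespace declarations in scope at that element."""
    scope = []  # stack of (prefix, uri) declarations, innermost last

    def resolve(qname):
        prefix, _, local = qname.strip().rpartition(":")
        for bound, uri in reversed(scope):
            if bound == prefix:
                return (uri, local)
        if prefix:
            raise ValueError("unbound prefix in QName %r" % qname)
        return ("", local)  # unprefixed and no default namespace declared

    events = ("start-ns", "end-ns", "end")
    for event, item in ET.iterparse(io.BytesIO(xml), events=events):
        if event == "start-ns":
            scope.append(item)   # reported just before the element starts
        elif event == "end-ns":
            scope.pop()          # reported right after the element ends
        else:
            yield item, resolve

def requested_types(request_xml):
    """Set of (uri, local) named by <RespondWith>; empty set means any type."""
    tag = "{%s}RespondWith" % SAMLP
    return {resolve(el.text or "")
            for el, resolve in _walk(request_xml) if el.tag == tag}

def permitted(wanted, statement_types):
    """True if an assertion carrying these statement types may be returned."""
    return not wanted or set(statement_types) <= wanted
```

A request that binds the same namespace to a different prefix resolves to the same set, and a `<RespondWith>` value whose prefix has no binding in scope is rejected rather than matched by name alone.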

