Subject: [security-services] ISSUE: AuthorityKind and RespondWith
Following up to two of my messages before last call (http://lists.oasis-open.org/archives/security-services/200202/msg00127.html and http://lists.oasis-open.org/archives/security-services/200202/msg00129.html): I proposed that we change the AuthorityKind and RespondWith elements to be qnames, with the combination of the XML namespace qualifier and the name in the qname uniquely naming the type of SAML Statement.

Here are proposed normative changes to Core-27:

Lines 730-734:

An XML QName (Qualified Name) identifying the namespace and element name of the type of statement this authority can return. For example, presuming that the "saml" namespace prefix is bound to the SAML namespace, an attribute authority would identify itself with the attribute AuthorityKind="saml:AttributeStatement". For elements defined by extension schemas, where the type of the statement is specified by an xsi:type="myPrefix:SchemaTypeName" attribute, the AuthorityKind attribute should contain exactly the same QName as the xsi:type attribute of the corresponding Statement.

Lines 746-747: change to

    <attribute name="AuthorityKind" type="qname" use="required"/>

Lines 751-757: remove

Lines 976-1008 (Section 3.2.1.1): Replace entirely with:

Section 3.2.1.1. Element <RespondWith>

The <RespondWith> element specifies the type of Statement the requestor wants from the responder. Multiple <RespondWith> elements MAY be included to indicate that the requestor will accept assertions containing any of the specified types. If no <RespondWith> element is given, the responder may return assertions containing statements of any type.

If the requestor sends one or more <RespondWith> elements, the responder MUST NOT respond with assertions containing statements of any type not specified in one of the <RespondWith> elements.

(Include lines 986-988, Note: ... here)

RespondWith element values are XML QNames. The XML namespace and name specifically refer to the namespace and element name of the Statement element, exactly as for the saml:AuthorityKind attribute; see section 2.4.3.2.

The following schema fragment defines the RespondWith element:

    <element name="RespondWith" type="qname"/>

- irving -
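Added example, not part of the original message or of any SAML implementation: a requestor-side check of the proposed MUST NOT rule that compares QNames by (namespace URI, local name) rather than by prefix string, so a prefix rebound to another namespace cannot satisfy a RespondWith. The namespace URIs, the unqualified Request and Assertion wrappers, and all function names are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

def parse_with_ns(xml_text):
    """Return (root, prefix->URI map); assumes each prefix is declared once per document."""
    nsmap, root = {}, None
    source = io.BytesIO(xml_text.encode("utf-8"))
    for event, item in ET.iterparse(source, events=("start-ns", "start")):
        if event == "start-ns":
            nsmap[item[0]] = item[1]
        elif root is None:
            root = item
    return root, nsmap

def expand(qname, nsmap):
    """Resolve 'prefix:local' to (namespace URI, local name); reject unbound prefixes."""
    prefix, sep, local = qname.strip().rpartition(":")
    if sep and prefix not in nsmap:
        raise ValueError(f"unbound prefix in QName {qname!r}")
    return (nsmap.get(prefix, ""), local)

def statement_kind(elem, nsmap):
    """Expanded name of a statement: its xsi:type if present, else its element name."""
    if XSI_TYPE in elem.attrib:
        return expand(elem.attrib[XSI_TYPE], nsmap)
    if elem.tag.startswith("{"):
        ns, _, local = elem.tag[1:].partition("}")
        return (ns, local)
    return ("", elem.tag)

def disallowed_statements(request_xml, assertion_xml):
    """Statement kinds in the assertion that no <RespondWith> in the request permits."""
    req, req_ns = parse_with_ns(request_xml)
    wanted = {expand(e.text or "", req_ns) for e in req.iter("RespondWith")}
    if not wanted:  # no RespondWith given: statements of any type may be returned
        return []
    assertion, a_ns = parse_with_ns(assertion_xml)
    return [k for k in (statement_kind(s, a_ns) for s in assertion) if k not in wanted]

# Constructed sample: "x" is bound to different namespaces in request and response.
REQUEST = """<Request xmlns:s="urn:example:saml-assertion" xmlns:x="urn:example:ext">
<RespondWith>s:AttributeStatement</RespondWith><RespondWith>x:RoleStatementType</RespondWith></Request>"""
ASSERTION = """<Assertion xmlns:saml="urn:example:saml-assertion" xmlns:e="urn:example:ext"
  xmlns:x="urn:example:other" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <saml:AttributeStatement/><saml:AuthenticationStatement/>
 <saml:Statement xsi:type="e:RoleStatementType"/>
 <saml:Statement xsi:type="x:RoleStatementType"/></Assertion>"""
```

On the sample, the statement typed e:RoleStatementType is accepted although its prefix differs from the request's, while x:RoleStatementType is reported because its prefix resolves to a different namespace in the response.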