security-services message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: [security-services] Proposed text for <NameIdentifier>
- From: "Mishra, Prateek" <pmishra@netegrity.com>
- To: "'security-services@lists.oasis-open.org'"<security-services@lists.oasis-open.org>
- Date: Fri, 01 Mar 2002 17:08:01 -0500
2.4.2.2 Element
<NameIdentifier>
The <NameIdentifier>
element specifies a subject by a combination of a name, a format and a
security domain. It has the
following attributes:
SecurityDomain
[Optional]
The security domain governing the name of the subject.
Format [Optional]
The
syntax used to describe the name of the subject.
Format values are URIs. The
following standard values are defined as URI fragment
identifiers. The base for
these identifiers is the SAML assertion namespace URI.
#rfc822Name:
Indicates that the value of the Name
element MUST be an rfc822 name.
The format of
an rfc822Name is an "addr-spec" as defined in RFC 822 [RFC 822].
An addr-spec has the form "local-part@domain".
Note that an addr-spec
has no phrase
(such as a common name) before it, has no comment (text
surrounded in
parentheses) after it, and is not surrounded by "<" and
">". Note that while
upper and lower case letters are allowed in an
RFC 822 addr-spec, no
significance is attached to the case.
#X.500Name:
Indicates that the value of the
Name element MUST be a X.500Name.
The format of an
X.500Name is a "distinguishedName" as
described in
Section 3 of
RFC2253 [RFC2253]. The X.500 Directory uses
distinguished
names as the primary keys to entries in the directory.
Distinguished Names are encoded in ASN.1 in the X.500 Directory protocols.
In the LDAP
a string representation of distinguished names is
transferred.
RFC2252 defines
the string format for representing names, which is designed
to give a
clean representation of commonly used distinguished names, while
being able
to represent any distinguished name.
#WindowsNTQualifiedName:
Indicates that the value of the Name
element MUST be a Windows NT qualified name.
A Windows NT qualified user name is a
string of the form "NTDomainName\UserName".
The domain name and "\" separator may
be omitted.
The following schema
fragment defines the <NameIdentifier> element and its
NameIdentifierType
complex type:
<element name="NameIdentifier"
type="saml:NameIdentifierType">
<complexType
name="NameIdentiferType">
<sequence>
<element name="Name"
type="string">
</sequence>
<attribute
name="SecurityDomain" type="string" use="optional">
<attribute name="Format"
type="anyURI" use="optional">
</complexType>
The interpretation of the security domain and the name
are left to individual implementations,
including issues of anonymity, pseudonymity, and the
persistence of the identifier
with respect to the asserting and relying parties. The
security domain attribute provides
a means to federate names from disparate user
stores without collision.
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Powered by eList eXpress LLC