[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [security-services] Tentative preliminary draft proposed text forISSUE: AuthorityKin d and RespondWith
Since nobody picked up the gauntlet I threw down in
http://lists.oasis-open.org/archives/security-services/200203/msg00069.html,
I'm going to assume we have consensus for the option that makes the least
changes to the spec. That is, we continue to have the subtle difference
between AuthorityKind, which specifies the sorts of samlp:Query an authority
will answer, and RespondWith, which specifies the kind of saml:Statement a
requester wants to see.
Given that, here are the changes to switch both of these over to XML qnames.
Line numbers are relative to the core-27 PDF with change bars removed (the
one currently published on the web page).
Lines 723-728:
AuthorityKind [Required]
The type of SAML Protocol queries to which the authority described by
this element will respond. The value is specified as an XML Schema QName.
The acceptable values for AuthorityKind are the namespace-qualified names of
element types or elements derived from the SAML Protocol Query element (see
Section 3.3. Queries). For example, an attribute authority would be
identified by AuthorityKind="samlp:AttributeQuery". For extension schemas,
where the actual type of the samlp:Query would be identified by an xsi:type
attribute, the value of AuthorityKind MUST be the same as the value of the
xsi:type attribute for the corresponding query.
Lines 740-741: <attribute name="AuthorityKind" type="QName" use="Required"/>
Lines 745-751: delete
Lines 971-1001 (Section 3.2.1.1): Replace entirely with:
Section 3.2.1.1. Element <RespondWith>
The <RespondWith> element specifies the type of Statement the requestor
wants from the responder. Multiple <RespondWith> elements MAY be included to
indicate that the requestor will accept assertions containing any of the
specified types. If no <RespondWith> element is given, the responder may
return assertions containing statements of any type.
If the requestor sends one or more <RespondWith> elements, the responder
MUST NOT respond with assertions containing statements of any type not
specified in one of the <RespondWith> elements.
(Include lines 986-988, Note: ... here)
RespondWith element values are XML QNames. The XML namespace and name
specifically refer to the namespace and element name of the Statement
element, exactly as for the saml:AuthorityKind attribute; see section
2.4.3.2. For example, a requestor that wishes to receive assertions
containing only attribute statements must specify
<RespondWith>saml:AttributeStatement</RespondWith>. To specify extension
types, the RespondWith element MUST contain exactly the extension element
type as specified in the xsi:type attribute on the corresponding element.
The following schema fragment defines the RespondWith element:
<element name="RespondWith" type="QName"/>
- irving -
-----------------------------------------------------------------------------------------------------------------
The information contained in this message is confidential and is intended
for the addressee(s) only. If you have received this message in error or
there are any problems please notify the originator immediately. The
unauthorized use, disclosure, copying or alteration of this message is
strictly forbidden. Baltimore Technologies plc will not be liable for direct,
special, indirect or consequential damages arising from alteration of the
contents of this message by a third party or as a result of any virus being
passed on.
This footnote confirms that this email message has been swept by
Baltimore MIMEsweeper for Content Security threats, including
computer viruses.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC