[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [security-services] Tentative preliminary draft proposed text forISSUE: AuthorityKin d and RespondWith
Since nobody picked up the gauntlet I threw down in http://lists.oasis-open.org/archives/security-services/200203/msg00069.html, I'm going to assume we have consensus for the option that makes the least changes to the spec. That is, we continue to have the subtle difference between AuthorityKind, which specifies the sorts of samlp:Query an authority will answer, and RespondWith, which specifies the kind of saml:Statement a requester wants to see. Given that, here are the changes to switch both of these over to XML qnames. Line numbers are relative to the core-27 PDF with change bars removed (the one currently published on the web page). Lines 723-728: AuthorityKind [Required] The type of SAML Protocol queries to which the authority described by this element will respond. The value is specified as an XML Schema QName. The acceptable values for AuthorityKind are the namespace-qualified names of element types or elements derived from the SAML Protocol Query element (see Section 3.3. Queries). For example, an attribute authority would be identified by AuthorityKind="samlp:AttributeQuery". For extension schemas, where the actual type of the samlp:Query would be identified by an xsi:type attribute, the value of AuthorityKind MUST be the same as the value of the xsi:type attribute for the corresponding query. Lines 740-741: <attribute name="AuthorityKind" type="QName" use="Required"/> Lines 745-751: delete Lines 971-1001 (Section 3.2.1.1): Replace entirely with: Section 3.2.1.1. Element <RespondWith> The <RespondWith> element specifies the type of Statement the requestor wants from the responder. Multiple <RespondWith> elements MAY be included to indicate that the requestor will accept assertions containing any of the specified types. If no <RespondWith> element is given, the responder may return assertions containing statements of any type. If the requestor sends one or more <RespondWith> elements, the responder MUST NOT respond with assertions containing statements of any type not specified in one of the <RespondWith> elements. (Include lines 986-988, Note: ... here) RespondWith element values are XML QNames. The XML namespace and name specifically refer to the namespace and element name of the Statement element, exactly as for the saml:AuthorityKind attribute; see section 2.4.3.2. For example, a requestor that wishes to receive assertions containing only attribute statements must specify <RespondWith>saml:AttributeStatement</RespondWith>. To specify extension types, the RespondWith element MUST contain exactly the extension element type as specified in the xsi:type attribute on the corresponding element. The following schema fragment defines the RespondWith element: <element name="RespondWith" type="QName"/> - irving - ----------------------------------------------------------------------------------------------------------------- The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. Baltimore Technologies plc will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. This footnote confirms that this email message has been swept by Baltimore MIMEsweeper for Content Security threats, including computer viruses.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC