OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [security-services] FW: Request: Modify schema to support SAMLattribute query retur n of ALL attributes within an attribute namespace

Resending to general TC list. As I recall we discussed this topic, but with
the request for a namespace...

- joe

-----Original Message-----
From: Edwards, Thomas J (Tom) [mailto:tjedwards@avaya.com] 
Sent: Tuesday, August 13, 2002 3:14 AM
To: security-editors@lists.oasis-open.org
Cc: eve.maler@sun.com; cantor.2@osu.edu
Subject: Request: Modify schema to support SAML attribute query return of
ALL attributes within an attribute namespace

I would like this request to be considered in the next draft.

The basic request is to modify the schema to support a SAML attribute query
to return ALL attributes within an attribute namespace.  Currently, one can
request ALL attributes by not including an attributeDesignator.  But then
the relying party cannot specify a namespace for the attributes to be
returned. Some details are provided in the following e-mail stream.

Thanks for your consideration of this request,


Thomas J. Edwards
Consulting Member of Tech Staff
6464 185th Ave NE
Redmond, WA 98052
Tel: 425-558-8140
e-mail: tjedwards@avaya.com

-----Original Message-----
From: Eve L. Maler [mailto:eve.maler@sun.com]
Sent: Thursday, August 08, 2002 7:08 AM
To: Edwards, Thomas J (Tom)
Cc: cantor.2@osu.edu
Subject: Re: SAML: how does SAML attribute query return ALL attributes
withinan attribute namespace?

Hello Tom,

I don't believe there's any way currently to query for just the 
attributes in a particular attribute namespace.  This would be a 
reasonable RFE, though; I suggest that you send mail to the 
security-services-comment list to request it if that's what you want to do.



Edwards, Thomas J (Tom) wrote:
> Scott and Eve,
> I would appreciate your help in understanding how does SAML support the  
> return of all attributes within a namespace.
> I have reviewed the working group minutes looking for an answer to the 
> above where all attributes are to be returned for a attributeNamespace.  
> However, I believe the only method to return all attributes currently is 
> to specify no attributes; in which case, one cannot specify the 
> attributeNamespace.
> "<AttributeDesignator> [Any Number] (see Section
> Each <AttributeDesignator> element specifies an attribute whose value is 
> to be returned. If
> no attributes are specified, it indicates that all attributes allowed by 
> policy are requested."
> There are some options described such as returning all attributes for a 
> resource, but this is not limiting to a namespace.
> "The <Resource> attribute specifies the URI of a resource which is 
> relevant to the request for attributes. If present, the responding 
> entity MAY use the information in determining the set of attributes to 
> return to the requesting entity." 
> Another way -_ though I am pretty certain this is not really 
> recommended_, is to use the NameQualifier. That is, an Asserting Party 
> may or may not support this notion.
> "Should the core schema specify a way to express an attributes scope, or 
> should this be left as a part of the structure of the attribute? Scope 
> has essentially the same meaning as security domain?
> Status: Closed by vote on Jan 29, 2002. Attribute scope must be 
> specified as a part of the attribute structure.* (Note however that 
> Subject NameIdentifier has a specific SecurityDomain element that 
> roughly corresponds to the notion of attribute scope for the subject 
> name attribute.)* Note that this is not the same as Attribute Namespace. 
> This is discussed here."
> Your help would be appreciated,
> Tom
> Tom Edwards, CMTS
> *AVAYA Inc*
> 6464 185th Ave NE
> Redmond, WA 98052
> Tel: 425-558-8140
> e-mail: tjedwards@avaya.com

Eve Maler                                        +1 781 442 3190
Sun Microsystems                            cell +1 781 883 5917
XML Web Services / Industry Initiatives      eve.maler @ sun.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC