
security-services message


Subject: AI 0031 Clarify text around AuthorityKind

The relevant text in core draft-04 starts on line 725.

In general, I think it's in pretty good shape, as it's more explicit than RespondWith was about the QNames being either element
names or type names. The apparent issue is with the assumption that extension query types would be passed using xsi:type only.

I suggest a change to lines 731-734 of the final sentence to read:

Query extensions may be passed as a literal extension element substitutable for <samlp:Query> (e.g. <ns:NewQuery>) or as a
<samlp:Query> accompanied by an xsi:type attribute (e.g. <samlp:Query xsi:type="ns:NewQueryType">). In such cases, the
"AuthorityKind" attribute MAY be set to either the derived element name or the xsi:type value.

Even for built-in types, the intent was that either <samlp:AttributeQuery> or <samlp:AttributeQueryType> would be acceptable, and
this isn't a big deal for implementers. It may be preferable to use only the type in all cases, I guess, but I don't think it's a
big deal.

Since AuthorityBinding is simply a rudimentary form of in-band metadata, it's something to revisit for SAML 2.0 in conjunction with
metadata discussions.

-- Scott
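
The matching rule discussed in the message above, as an added example that is not part of the original post or of any SAML implementation: a relying party comparing an AuthorityKind value against a query should expand both QNames to namespace URI plus local name rather than compare prefixed strings, and accept either the element name or the type name. The helper names, the `urn:example:ext` namespace and the sample XML are constructed assumptions; namespace declarations are read from the root element only.

```python
import io
import xml.etree.ElementTree as ET

XSI = "http://www.w3.org/2001/XMLSchema-instance"
SAMLP = "urn:oasis:names:tc:SAML:1.0:protocol"
BUILTIN = ("AuthenticationQuery", "AttributeQuery", "AuthorizationDecisionQuery")

def parse_root(xml_text):
    """Return (root element, {prefix: namespace URI}) for declarations on the root."""
    nsmap = {}
    events = ET.iterparse(io.BytesIO(xml_text.encode()), events=("start-ns", "start"))
    for event, item in events:
        if event == "start":
            return item, nsmap
        nsmap[item[0]] = item[1]
    raise ValueError("no root element")

def resolve_qname(value, nsmap):
    """Expand a prefix:local QName to '{uri}local' so prefixes are never compared."""
    prefix, _, local = value.strip().rpartition(":")
    if prefix not in nsmap:
        if prefix:
            raise ValueError("undeclared prefix: " + prefix)
        return local
    return "{%s}%s" % (nsmap[prefix], local)

def acceptable_kinds(query_xml):
    """Expanded names an AuthorityKind may carry for this query."""
    root, nsmap = parse_root(query_xml)
    names = set()
    if root.tag != "{%s}Query" % SAMLP:      # the bare <samlp:Query> head names no kind
        names.add(root.tag)
    xsi_type = root.get("{%s}type" % XSI)
    if xsi_type:
        names.add(resolve_qname(xsi_type, nsmap))
    for local in BUILTIN:                    # built-ins: element name or type name
        if root.tag == "{%s}%s" % (SAMLP, local):
            names.add("{%s}%sType" % (SAMLP, local))
    return names

def authority_kind_matches(binding_xml, query_xml):
    root, nsmap = parse_root(binding_xml)
    return resolve_qname(root.get("AuthorityKind", ""), nsmap) in acceptable_kinds(query_xml)

# Constructed sample input; urn:example:ext is a made-up extension namespace.
NS = 'xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="%s" xmlns:xsi="%s"' % (SAMLP, XSI)
def binding(kind, decl):
    return '<saml:AuthorityBinding %s %s AuthorityKind="%s"/>' % (NS, decl, kind)
ELEMENT_FORM = '<ns:NewQuery xmlns:ns="urn:example:ext"/>'
TYPE_FORM = '<samlp:Query %s xmlns:ns="urn:example:ext" xsi:type="ns:NewQueryType"/>' % NS
BUILTIN_FORM = '<samlp:AttributeQuery %s/>' % NS
```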
