security-services message



Subject: multiple occurrences of DoNotCache element


SAML 1.1 introduces a new condition called DoNotCache. The intent here is to
support the use of "one-use" assertions that cannot be cached by the relying
party.

The following schema fragment (taken from sstc-saml-core-1.1-draft-10)
allows arbitrarily many instances of the element in a single assertion.

<element name="Conditions" type="saml:ConditionsType"/>
<complexType name="ConditionsType">
    <choice minOccurs="0" maxOccurs="unbounded">
        <element ref="saml:AudienceRestrictionCondition"/>
        <element ref="saml:DoNotCacheCondition"/>
        <element ref="saml:Condition"/>
    </choice>
    <attribute name="NotBefore" type="dateTime" use="optional"/>
    <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
</complexType>


Multiple occurrences of DoNotCache do not have any additional meaning but do
add some syntactic complexity to assertion processing.

Should we modify the schema fragment to read:

<complexType name="ConditionsType">
    <sequence>
        <element ref="saml:DoNotCacheCondition" minOccurs="0"/>
        <choice minOccurs="0" maxOccurs="unbounded">
            <element ref="saml:AudienceRestrictionCondition"/>
            <element ref="saml:Condition"/>
        </choice>
    </sequence>
    <attribute name="NotBefore" type="dateTime" use="optional"/>
    <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
</complexType>




- prateek
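The processing complexity the message refers to, shown as an added example that is not code from the thread or from any SAML implementation: a relying-party routine that evaluates the `saml:Conditions` of a SAML 1.1 assertion, enforces the `NotBefore`/`NotOnOrAfter` window, collects audience restrictions, and turns any number of `DoNotCacheCondition` elements (legal under the draft-10 `<choice>`) into a single "do not cache" decision. Its `strict` mode rejects a second occurrence, which is the constraint the proposed `<sequence>` (with `minOccurs="0"` and the default `maxOccurs="1"`) would push into schema validation. The SAML 1.x assertion namespace URI is assumed; the sample assertion, its identifiers and timestamps are constructed for the example.

```python
"""Relying-party evaluation of the SAML 1.1 <saml:Conditions> element.

Added example, not code from the OASIS thread or any SAML implementation.
Assumptions: the SAML 1.x assertion namespace URI, the element names from the
schema fragment in the message, and a constructed sample assertion.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.x assertion namespace
NS = {"saml": SAML_NS}


@dataclass
class ConditionsResult:
    valid: bool              # inside the NotBefore/NotOnOrAfter window, no unknown conditions
    cacheable: bool          # False as soon as one DoNotCacheCondition is present
    do_not_cache_count: int  # how many DoNotCacheCondition elements appeared
    audiences: list          # URIs from AudienceRestrictionCondition/Audience
    unknown_conditions: int  # saml:Condition extensions this code does not understand


def parse_xsd_datetime(value: str) -> datetime:
    """Parse an xsd:dateTime such as 2003-07-01T12:00:00Z into an aware datetime."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    dt = datetime.fromisoformat(value)
    if dt.tzinfo is None:  # a zone-less dateTime is legal; this example assumes UTC
        dt = dt.replace(tzinfo=timezone.utc)
    return dt


def evaluate_conditions(assertion_xml: str, now, strict: bool = False) -> ConditionsResult:
    """Evaluate <saml:Conditions> of one assertion at time `now` (datetime or xsd:dateTime string).

    strict=False: repeated DoNotCacheCondition elements, as draft-10 permits, are all
    accepted and have exactly the effect of a single one.
    strict=True: a second occurrence is rejected, mirroring the proposed <sequence> schema.
    """
    if isinstance(now, str):
        now = parse_xsd_datetime(now)
    root = ET.fromstring(assertion_xml)
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        # No Conditions element: nothing restricts validity or caching.
        return ConditionsResult(True, True, 0, [], 0)

    valid = True
    not_before = cond.get("NotBefore")
    not_on_or_after = cond.get("NotOnOrAfter")
    if not_before is not None and now < parse_xsd_datetime(not_before):
        valid = False
    if not_on_or_after is not None and now >= parse_xsd_datetime(not_on_or_after):
        valid = False

    do_not_cache = cond.findall("saml:DoNotCacheCondition", NS)
    if strict and len(do_not_cache) > 1:
        raise ValueError(f"{len(do_not_cache)} DoNotCacheCondition elements; at most one allowed")

    audiences = [
        a.text.strip()
        for a in cond.findall("saml:AudienceRestrictionCondition/saml:Audience", NS)
        if a.text
    ]

    # Anything else under Conditions is an extension via the abstract saml:Condition.
    # This example conservatively refuses to treat an assertion as valid when it
    # carries a condition it cannot interpret.
    known = {f"{{{SAML_NS}}}DoNotCacheCondition", f"{{{SAML_NS}}}AudienceRestrictionCondition"}
    unknown = sum(1 for child in cond if child.tag not in known)
    if unknown:
        valid = False

    return ConditionsResult(valid, len(do_not_cache) == 0, len(do_not_cache), audiences, unknown)


# Constructed sample: two DoNotCacheCondition elements, as the draft-10 <choice> permits.
SAMPLE_ONE_USE = f"""<saml:Assertion xmlns:saml="{SAML_NS}" MajorVersion="1" MinorVersion="1"
    AssertionID="constructed-assertion-id" Issuer="https://idp.example.org"
    IssueInstant="2003-07-01T12:00:00Z">
  <saml:Conditions NotBefore="2003-07-01T12:00:00Z" NotOnOrAfter="2003-07-01T12:05:00Z">
    <saml:AudienceRestrictionCondition>
      <saml:Audience>https://sp.example.com</saml:Audience>
    </saml:AudienceRestrictionCondition>
    <saml:DoNotCacheCondition/>
    <saml:DoNotCacheCondition/>
  </saml:Conditions>
</saml:Assertion>"""

# The same assertion without the one-use condition: cacheable until NotOnOrAfter.
SAMPLE_CACHEABLE = SAMPLE_ONE_USE.replace("<saml:DoNotCacheCondition/>", "")

if __name__ == "__main__":
    print(evaluate_conditions(SAMPLE_ONE_USE, "2003-07-01T12:02:00Z"))
    print(evaluate_conditions(SAMPLE_CACHEABLE, "2003-07-01T12:02:00Z"))
```

Run directly, the first line shows an assertion that is valid at 12:02 but not cacheable, with two DoNotCacheCondition occurrences counted; the second shows the cacheable variant. Calling `evaluate_conditions(SAMPLE_ONE_USE, ..., strict=True)` raises, which is the duplicate the proposed schema would have a validating parser reject before application code ever sees it.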

