Subject: RE: [security-services] Last call issues with schema


Scott

I see your point. I was wondering how to refer to assertions when stored or
used outside the protocol context. 

To give an example, what if an assertion includes Evidence that has an AssertionIDReference.
Is it true that this reference is a name defined by the authority that produced the evidence and used to query that authority for the evidence assertion? If so, then obtaining evidence from more than
one authority could be a problem? This is why I was thinking about a URI. (An alternative is for Evidence to indicate where in addition to what, with what being the name).

regards, Frederick
 
Frederick Hirsch
Nokia Mobile Phones




> -----Original Message-----
> From: ext Scott Cantor [mailto:cantor.2@osu.edu]
> Sent: Tuesday, May 06, 2003 2:58 PM
> To: Hirsch Frederick (NMP/Boston);
> security-services@lists.oasis-open.org
> Subject: RE: [security-services] Last call issues with schema
> 
> 
> > I'm not sure why we wouldn't use xsd:anyURI instead of 
> > xsd:NCName for saml:IDReferenceType. If we want to refer 
> > across documents don't we need a URI?
> 
> Hmm, I have a feeling that's problematic. It doesn't seem 
> very well defined to me in our usual context.
> 
> For something like InResponseTo, what would the URI be? It 
> shouldn't be a fragment ID ("#foo") since that should be understood to
> refer to the same document. So there has to be a URI in front 
> of that, but what could you use short of a URN that we gave a
> well-defined interpretation to?
> 
> Obviously it could be a URI in some contexts, but it seems 
> like we'd have to do real work to address all the potential 
> issues. I'm
> not sure it's any more well-defined in WSS, frankly, despite 
> the hand-wavy "goodness" of using a familiar syntax to point at an ID
> in another XML document.
> 
> In the context of XLink and document-land, this idea works 
> well, but I think it falls apart in protocol development.
> 
> -- Scott
> 
> 
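
The concern raised in this thread, as an added example that is not part of either message: a bare NCName AssertionIDReference becomes ambiguous once assertions from several authorities sit in one store, while pairing the ID with the issuing authority (the "where in addition to what" alternative) does not. The sample assertions, the `<store>` wrapper and the `issuer` parameter are assumptions made for illustration; no SAML schema defines such a hint on AssertionIDReference.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"

# Constructed sample (attributes trimmed; <store> is a made-up wrapper).
# Two authorities happen to issue the same AssertionID "_a1".
STORE = """
<store xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
  <saml:Assertion AssertionID="_a1" Issuer="https://authority-a.example"/>
  <saml:Assertion AssertionID="_a1" Issuer="https://authority-b.example"/>
  <saml:Assertion AssertionID="_c9" Issuer="https://authority-c.example">
    <saml:AuthorizationDecisionStatement>
      <saml:Evidence>
        <saml:AssertionIDReference>_a1</saml:AssertionIDReference>
      </saml:Evidence>
    </saml:AuthorizationDecisionStatement>
  </saml:Assertion>
</store>
"""

class AmbiguousReference(Exception):
    """A bare ID matched assertions from more than one authority."""

def build_index(xml_text):
    """Map AssertionID -> every stored assertion carrying that ID."""
    index = defaultdict(list)
    for assertion in ET.fromstring(xml_text).iter(f"{{{SAML}}}Assertion"):
        index[assertion.get("AssertionID")].append(assertion)
    return index

def evidence_refs(assertion):
    """IDs named by AssertionIDReference elements inside Evidence."""
    path = f".//{{{SAML}}}Evidence/{{{SAML}}}AssertionIDReference"
    return [ref.text.strip() for ref in assertion.findall(path)]

def resolve(index, assertion_id, issuer=None):
    """Resolve a reference; issuer is the hypothetical "where" hint."""
    matches = index.get(assertion_id, [])
    if issuer is not None:
        matches = [a for a in matches if a.get("Issuer") == issuer]
    if not matches:
        raise KeyError(assertion_id)
    if len(matches) > 1:
        issuers = sorted(a.get("Issuer") for a in matches)
        raise AmbiguousReference(f"{assertion_id} issued by {issuers}")
    return matches[0]
```

A relying party that resolves evidence by ID alone has to treat the ambiguous case as a failure rather than pick the first match, since the two candidates may make different statements.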

