Subject: comments on attribute-02
[Sorry, only have time for very brief comment, and probably won't be able to be on focus call.]

My comments here more or less repeat those at the end of my note to the TC on 2003-10-23, regarding requirements 2.3 (Express attribute issuer) and 2.4 (Ability to express attribute data-type at the attribute level).

It is difficult to argue that someone else's requirements aren't requirements, but I remain of the opinion that these features, if added to the standard attribute schema, will not be used much, and will add complexity to implementations, and so aren't in our interest to put in.

I also continue to think that if the motivation for including these features is consistency with XACML representation of attributes, this concern is misplaced. I'm sure it is the case that it is useful in XACML policies and attribute stores to represent issuers and datatypes of individual attributes. But this is because XACML policy evaluation might well involve looking at attributes from a large set of issuers and attribute definers. But this does not mean at all that there is a general need to represent this diversity in individual SAML assertions. No other attribute-transfer system I'm familiar with (eg X.500) has found this to be a requirement.

I'd like to see more folks in the TC speak up for finding these features useful before deciding to include them.

- RL "Bob"