OASIS Mailing List Archives



security-services message


Subject: attribute namespace solution bullets

Regarding the baseline attribute namespace work item, let me make these
brief points.

One is that the first step to a solution is agreeing on the conceptual
distinction between namespace as "global body of attribute definitions",
such as X.500-based attribute definitions, and namespace as
"organizational scope", as we have discussed.  I support the addition of a
feature to the SAML attribute schema to represent organizational scope, as
proposed in the attribute solution proposal (attribute-02), and the
separation of this from attribute naming per se.

There is also discussion about whether the current SAML two-part attribute
name (name + namespace) should be reduced to a single attribute name.  If
the only motivation for having a namespace feature was to represent
organizational scope, then this may be justified.

Regarding how to represent names of X.500 attributes, the use case doc
presented several choices.  I recommend OID-based naming
(urn:oid:<OID-as-string>) as the only feasible choice, given the problems
with document-based naming in this space.

 - RL "Bob"
