OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] Attributes in SAML 2.0 and Alignment with SPML1.0

During our initial go-round of defining attribute statements in SAML, we 
did look at DSML for inspiration.  DSML was very much tied to LDAP and 
we were going for a more generic and flexible approach, so we ended up 
with the current model.

Jeff, note that we're likely to move away from the "attribute namespace 
approach", and hopefully will accommodate SPML attributes even better as 
a result.  Please watch for a third revision of my attribute proposal 
tonight or tomorrow morning; it reflects input from last week's focus 
call, and I'm hoping we will be able to cement its fate formally on 
tomorrow's quorate call.  The second rev is here, if you want to get a 
head start (it's not changing all *that* much):



Jeff Bohren wrote:

> Prateek,
> You are correct that SPML 1.0 builds on DSML 2.0 and uses DSML 2.0 attributes for the same purpose as SAML attributes. This path was originally taken to achieve some level of "standards reuse". Originally the idea was that SPML would be nothing more than DSML with a few enhanced that are needed to solve certain provisioning problems. In reality SPML diverged farther from DSML than was originally intended and one point there was consideration of not using DSML at all in SPML. 
> SAML atttributes are already almost identical to SPML attributes in function already, so I don't think any changes would be needed. The only functional difference between the two is that SAML attributes have an explict namespace for the attribute name, where as in SPML there is just the attribute name that could be a URI that included a namespace if desired.
> Jeff Bohren
> OpenNetwork Technologies
> 	-----Original Message----- 
> 	From: Mishra, Prateek [mailto:pmishra@netegrity.com] 
> 	Sent: Mon 3/15/2004 2:20 PM 
> 	To: security-services@lists.oasis-open.org 
> 	Cc: 
> 	Subject: [security-services] Attributes in SAML 2.0 and Alignment with SPML 1.0
> 	I have received the suggestion that our treatment of attributes in SAML 2.0
> 	be somewhat aligned with their treatment in SPML 1.0. As best as I can
> 	figure out, SPML 1.0 uses the DSML 2.0 elements <dsml:DsmlAttr> and
> 	<dsml:AttributeDescriptionValue> to represent X.500 attribute names and
> 	values as XML elements.
> 	Could anyone comment on the strengths and weaknesses of this approach?
> 	To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/security-services/members/leave_workgroup.php.

Eve Maler                                        +1 781 442 3190
Sun Microsystems                            cell +1 781 354 9441
Web Products, Technologies, and Standards    eve.maler @ sun.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]