Subject: Re: [security-services] Attributes in SAML 2.0 and Alignment withSPML 1.0
On Mon, 15 Mar 2004, Mishra, Prateek wrote: > I have received the suggestion that our treatment of attributes in SAML > 2.0 be somewhat aligned with their treatment in SPML 1.0. As best as I > can figure out, SPML 1.0 uses the DSML 2.0 elements <dsml:DsmlAttr> and > <dsml:AttributeDescriptionValue> to represent X.500 attribute names and > values as XML elements. > > Could anyone comment on the strengths and weaknesses of this approach? This may be moot, but as regards attribute naming, as far as I can tell DSML makes the naive assumption that attributes can be well-named by their LDAP string descriptors (eg, "cn"). This is really inadequate for reasons I wrote about in my attribute-naming proposal document. - RL "Bob"