security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Semantics of no <Attribute>s in AttributeServiceDescriptor


The AttributeAuthorityDescriptor allows zero or more saml:Attribute elements, the semantics of which are defined in Metadata as
Zero or more elements that identify the SAML attributes supported by the authority.
The word 'supported' in the above could be interpreted as meaning that if an attribute authority receives a request for an attribute not on the metadata list, it must fail the request, i.e. 'I didn't say I supported it so I can't respond to a request for it.'
 
Since this seems wacky, I believe we need to clarify the above definition to something along the lines of:
Zero or more elements that identify the SAML attributes that the authority chooses to advertise support for. The omission of a particular attribute does not necessarily mean that the authority is incapable of supporting it.
This way, authorities can choose whether or not they advertise the fact that they support a particular attribute, as they might not wish to do for sensitive attributes.
 
Paul
 
 
-----------------------------------------------------------------
Paul Madsen
e:  p.madsen@entrust.com
p:  613-270-2632
c:  613-799-2632
Entrust
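To make the two readings of the metadata concrete, here is an added example (not from the list archive or the SAML specification) that reads the saml:Attribute children of an AttributeAuthorityDescriptor from a constructed metadata document and classifies a set of requested attribute names under the literal 'supported' reading and under the proposed 'chooses to advertise' reading. The entityID, service Location and the particular attributes advertised are assumed sample values.

```python
import xml.etree.ElementTree as ET  # parse untrusted metadata with defusedxml in production

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample metadata (assumed values): an attribute authority that
# advertises givenName and mail; any other attributes it holds are not listed.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    entityID="https://aa.example.org/idp">
  <md:AttributeAuthorityDescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="https://aa.example.org/aa/soap"/>
    <saml:Attribute Name="urn:oid:2.5.4.42" FriendlyName="givenName"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
    <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="mail"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
  </md:AttributeAuthorityDescriptor>
</md:EntityDescriptor>
"""

def advertised_attributes(metadata_xml):
    """Return the set of attribute Names listed under AttributeAuthorityDescriptor."""
    root = ET.fromstring(metadata_xml)
    names = set()
    for aad in root.findall("md:AttributeAuthorityDescriptor", NS):
        for attr in aad.findall("saml:Attribute", NS):
            if attr.get("Name"):
                names.add(attr.get("Name"))
    return names

def classify_request(metadata_xml, requested_names, strict=False):
    """Classify requested attribute Names against the advertised list.

    strict=False is the clarified reading proposed in the message: an unlisted
    attribute is merely 'unadvertised' and a query for it may still be answered.
    strict=True is the literal 'supported' reading: unlisted means 'rejected'.
    """
    advertised = advertised_attributes(metadata_xml)
    outcome = {}
    for name in requested_names:
        if name in advertised:
            outcome[name] = "advertised"
        else:
            outcome[name] = "rejected" if strict else "unadvertised"
    return outcome
```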