OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Comment on metadata-02e...

In the update for SPSSODescriptor, the <AttributeConsumingService> states:


“At most one <AttributeConsumingService> element can have the attribute isDefault set to

true. When multiple elements are specified and none has the attribute isDefault set to true, then the

first element whose isDefault attribute is not set to false is to be used as the default. If all elements

have their isDefault attribute set to false, then the first element is considered the default.”


I think I disagree with the last sentence.  I think that if no element is marked as the default, there should be NO default. Since the indices are used in an AuthnRequest so that an SP can request one collection of attributes per transaction, I don’t see a way for me to request that NO attributes be sent in the response assertion.  If I don’t provide an index in my AuthnRequest, isn’t it always going to send either the first set (if all “isDefault” values are false), or the first one it finds with isDefault set to true?


I need a way to say that some applications might not need attributes at all, so don’t bother sending them, while others do need them.


Am I missing something?

Rob Philpott
Senior Consulting Engineer 
RSA Security Inc.
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]