Subject: RE: [security-services] Groups - XPath Attribute Profile(draft-saml2-xpath-attribute-profile.sxw) uploaded

> It is perfectly reasonable in practice that a subject would have
> multiple attributes with the same identifier.  For example, a subject
> may have multiple attributes with a "...:role" identifier, each having a
> value that identifies a particular role with which the subject is
> identified.

I would call that a multi-valued attribute, not multiple attributes.

> From my reading of the SAML attribute query definition, an attribute
> query may contain only one instance of a given attribute
> identifier/format, but there is no such restriction on the response.

I guess thinking about it more, you're probably right.

> The wording implies that a multi-valued attribute will be returned with
> all its values, but that is different from multiple instances of a given
> attribute, each having a different value.

Definitely. The former is completely allowed, obviously.

I guess it's more that we encourage consistency in treating multiple values
for the same attribute to be expressed consistently. We pushed people to not
embed multiple values inside their own XML structure within a single
attribute value, and this is just the opposite.

-- Scott
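
The two encodings discussed in this thread, side by side, as an added example that is not part of the original message or of any SAML implementation. It assumes SAML 2.0 `Attribute`/`AttributeValue` elements; the identifier `urn:example:attr:role`, the role values and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# NameFormat that applies when an Attribute element carries none.
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
ROLE = "urn:example:attr:role"  # constructed placeholder identifier

def _statement(body):
    return f'<saml:AttributeStatement xmlns:saml="{SAML_NS}">{body}</saml:AttributeStatement>'

def _attr(*values):
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    return f'<saml:Attribute Name="{ROLE}">{vals}</saml:Attribute>'

# Constructed samples: the same two roles, expressed both ways.
MULTI_VALUED = _statement(_attr("auditor", "operator"))      # one attribute, two values
REPEATED = _statement(_attr("auditor") + _attr("operator"))  # two attributes, one value each

def _key(attr):
    return (attr.get("Name"), attr.get("NameFormat", UNSPECIFIED))

def _values(attr):
    return [(v.text or "").strip() for v in attr.findall(f"{{{SAML_NS}}}AttributeValue")]

def collect_attributes(statement_xml):
    """Merge values per (Name, NameFormat); also report keys seen in more than one element."""
    merged, repeated = {}, []
    for attr in ET.fromstring(statement_xml).iter(f"{{{SAML_NS}}}Attribute"):
        key = _key(attr)
        if key in merged and key not in repeated:
            repeated.append(key)
        merged.setdefault(key, []).extend(_values(attr))
    return merged, repeated

def first_instance_only(statement_xml):
    """A consumer that assumes one element per identifier and ignores later ones."""
    seen = {}
    for attr in ET.fromstring(statement_xml).iter(f"{{{SAML_NS}}}Attribute"):
        seen.setdefault(_key(attr), _values(attr))
    return seen

if __name__ == "__main__":
    for label, xml in (("multi-valued", MULTI_VALUED), ("repeated", REPEATED)):
        print(label, collect_attributes(xml), first_instance_only(xml))
```

A consumer written like `first_instance_only` sees both roles in the multi-valued form but only the first role in the repeated form, which is the inconsistency a relying party has to account for when the response side is unrestricted.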

