Subject: Re: [security-services] XPath Attribute Profile: XPath as anIdentifier
I follow you know - thanks. In the NameFormat we can't reference the DST because it doesn't define any restriction of XPath. We really shouldn't reference the service (in the nameFormat) because it doesn't restrict the XPath - it just defines the minimum.
So lets propose two possible name formats:
NameFormat="http://www.w3.org/TR/1999/REC-xpath-19991116" For generic xpath 1.0
NameFormat="urn:oasis:names:tc:SAML:xpath-id" for restricted xpath as an uniqueID
>>>"Eve L. Maler" <Eve.Maler@Sun.COM> 04/07/05 1:28 pm >>>
Hi Cameron-- You might be going farther than I intended to go. What
I mean by a URI "representing" these meanings is just that the
NameFormat is supposed to explain how to interpret the Name, and it
doesn't, in standalone fashion, have to actually convey the set of
valid/possible names -- it just has to convey that such a set
exists. In other words, it's just a category.
So if you see a NameFormat of "urn:fooW3Cwhatever:XPath1.0", you
know that the name might be an arbitrary XPath V1.0 path into some
document, potentially with no connection to valid DST usage. If you
see a NameFormat of "urn:fooLibertywhatever:aDSTflavorofXPath" you
know that the Name will be an XPath derived from a set governed by
the relevant DST resource's metadata.