[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] XPath Attribute Profile
On Wed, 2005-06-01 at 11:38 -0400, Conor P. Cahill wrote: > So, to clarify, I'm proposing that we: > * name the attribute using the namespace (or, prerhaps the > schema) for the service > * place service document into the attribute value rather than > making this look like single valued attribute. > Conor That certainly can be done. It doesn't really solve the used cases I originally intended to solve with this proposal (See use cases here: http://www.oasis-open.org/apps/org/workgroup/security/email/archives/200504/msg00044.html). Namely, use case 1: SAML attributes from existing liberty data services Attribute Authorities can use the existing liberty data services, employee profile (EP) and personal profile (PP), to create attribute statements in assertions. Specifically, each leaf node can be identified and asserted. (more nodes would be useful but the text nodes is really what I'm after. These profiles enumerate an XPath for each text node). Here are some reasons: - Different access rights can apply to different parts of the document. So I'd like to be able to assert parts of the document and not the whole thing. - Liberty data services suggest using xpath for queries. Supporting xpath in SAML makes an easy pass through to call Liberty services. - Leaf/text nodes are what I'm after here, I don't want other service providers to have to know what an EP or PP document looks like in order to use the values in them. (Thus, the document defines that the supported set of xpaths must include all text nodes. If an SP does have special knowledge of EP or PP then the SP can request additional xpaths, including the root node for the entire document) Cameron
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]