OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] XPath Attribute Profile

On Wed, 2005-06-01 at 11:38 -0400, Conor P. Cahill wrote:

> So, to clarify, I'm proposing that we:
>       * name the attribute using the namespace (or, prerhaps the
>         schema) for the service
>       * place service document into the attribute value rather than
>         making this look like single valued attribute.
> Conor

That certainly can be done.  It doesn't really solve the used cases I
originally intended to solve with this proposal (See use cases here:

Namely, use case 1:
   SAML attributes from existing liberty data services 
Attribute Authorities can use the existing liberty data services,
employee profile (EP) and personal profile (PP), to create attribute
statements in assertions.  Specifically, each leaf node can be
identified and asserted.  (more nodes would be useful but the text nodes
is really what I'm after.  These profiles enumerate an XPath for each
text node). 
Here are some reasons:
- Different access rights can apply to different parts of the document.
So I'd like to be able to assert parts of the document and not the whole
- Liberty data services suggest using xpath for queries.  Supporting
xpath in SAML makes an easy pass through to call Liberty services.
- Leaf/text nodes are what I'm after here, I don't want other service
providers to have to know what an EP or PP document looks like in order
to use the values in them.  (Thus, the document defines that the
supported set of xpaths must include all text nodes.  If an SP does have
special knowledge of EP or PP then the SP can request additional xpaths,
including the root node for the entire document)


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]