OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: In defence of XPath

On Wed, 2005-06-01 at 17:41 -0400, Conor P. Cahill wrote: 

> Anyway, the reasons why I think we should consider the alternative
> proposal I made include:
> 
>     a) It is a more general solution rather than one tied pretty
>        closely to the Liberty EP/PP services.
The current proposal (XPath) currently allows any XML document or
service.  However the primary use case is for Liberty services - do you
have other use cases outside of Liberty that are not solved with the
current XPath profile?

>     b) It supports the full, rich structure of the data that may
>        be present in the service (including any attributes on the
>        elements
The XPath profile allows returning xml documents in an attribute
statement - they do not have to be text nodes.  Only the minimum set
required are the text nodes.

>     c) it makes the data passed in the attribute match the format
>        that the consumer would normally be used to if they were
>        to access the service directly (e.g. we aren't making up
>        a new format for placing the data in the element)
We are both talking about xml content within the attribute values.  I
see no difference.

>     d) it enables full use of XML capabilities to represent
>        the data that would be returned to the SP

I must not be understanding your proposal correctly.  I thought you
wanted to change how the attributes are named, by schema namespace
instead of by XPath.  I see no difference between the values within the
attributes.  Perhaps an example query and resulting attribute statement
would would help.

Here is an example of how I understand your proposal:
Example XML document for John Doe:
<sample:body xmlns:sample="urn:saml:xpath:sample">
 <sample:foo>
  <sample:bar name="sample element1">value1</sample:bar>
 </sample:foo>
 <sample:foo>
  <sample:bar name="sample element2">value2</sample:bar>
 </sample:foo>
</sample:body>

Some mechanism provides an xpath query
of /sample:body/sample:foo/sample:bar

Resulting attribute statement:
<saml:AttributeStatement>
 <saml:Attribute>
  <saml:Attribute 
   NameFormat=”urn:oasis...uri”
   Name=”urn:saml:xpath:sample”>
    <saml:AttributeValue>
       <sample:bar name="sample element1">value1</sample:bar>
    </saml:AttributeValue>
    <saml:AttributeValue>
       <sample:bar name="sample element2">value2</sample:bar>
    </saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>

Is this correct?
- Cameron

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]