
security-services message


Subject: Potential Erratum -- NameIDMappingResponse schema

Alas, I've noticed what appears to be a problem with the SAML 2.0 Core spec for the NameIDMapping protocol. Section 3.8.2 [lines 2721-2724] defines the NameIDMappingResponseType as extending StatusResponseType with the addition of a choice of saml:NameID or saml:EncryptedID element. The schema does not indicate minOccurs="0", making exactly one of these elements required in any samlp:NameIDMappingResponse.
What is the response supposed to look like if an error Status is being returned? I would assume that the NameID/EncryptedID would have to be omitted, but the schema doesn't allow it.

Ari Kermaier | Senior Development Manager | +1.212.520.7304
Oracle Server Technologies | Identity Management & Security
444 Madison Avenue, Suite 300 | New York, NY 10022
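
The content model this message describes, as an added example that is not part of the original message or of the specification: a Python check that counts the saml:NameID / saml:EncryptedID children of a samlp:NameIDMappingResponse and shows that an error response with the identifier omitted fails the exactly-one rule. The sample responses, the helper names `build_response` and `check_mapping_response`, and the use of the Responder status code for the error case are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
RESPONDER = "urn:oasis:names:tc:SAML:2.0:status:Responder"
ID_TAGS = {f"{{{SAML}}}NameID", f"{{{SAML}}}EncryptedID"}


def build_response(status, body=""):
    """Build a constructed (unsigned, sample-only) NameIDMappingResponse."""
    return (
        f'<samlp:NameIDMappingResponse xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'ID="_constructed" Version="2.0" IssueInstant="2006-01-01T00:00:00Z">'
        f'<samlp:Status><samlp:StatusCode Value="{status}"/></samlp:Status>'
        f"{body}</samlp:NameIDMappingResponse>"
    )


def check_mapping_response(xml_text):
    """Return (status_code, identifier_count, satisfies_choice).

    satisfies_choice applies only the rule described in the message:
    exactly one saml:NameID or saml:EncryptedID child, whatever the status.
    It is not full schema validation and does not verify signatures.
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}NameIDMappingResponse":
        raise ValueError("not a samlp:NameIDMappingResponse")
    code = root.find(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode")
    if code is None:
        raise ValueError("missing samlp:Status/samlp:StatusCode")
    identifiers = [child for child in root if child.tag in ID_TAGS]
    return code.get("Value"), len(identifiers), len(identifiers) == 1


# Constructed samples: a successful mapping and an error with no identifier.
SUCCESS_RESPONSE = build_response(SUCCESS, "<saml:NameID>constructed-id</saml:NameID>")
ERROR_RESPONSE = build_response(RESPONDER)

if __name__ == "__main__":
    for name, doc in (("success", SUCCESS_RESPONSE), ("error", ERROR_RESPONSE)):
        code, count, ok = check_mapping_response(doc)
        print(f"{name}: status={code} identifiers={count} satisfies_choice={ok}")
```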

