OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Proposal: Query Extension for SAML AuthnReq

> I stand enlightened on this one. Yes, permitting multioccurrence
> of <RequestedAttribute> inside <authnRequest> seems like
> good solution. This even parallels the <RequestedAuthnContext>
> nicely. The fact that <RequestedAttribute> is part of metadata
> schema is not a problem, I presume.

No, that's not a problem, but I'm generally wary of embedding a sequence of
anything directly as an extension, so I anticipated people would want to
define a wrapper element to carry them.

The direct analogy to the protocol schema Extensions element is the SOAP
Header, wherein you have to wrap your extensions in a header block.

It is admittedly a bit of work to define, a schema and additional namespace
would be necessary as part of the extension profile. Annoying but probably
worth the effort.

> Any opinions on the interrim solution?

Probably we would need some normative language about whether to treat the
extension as mandatory (meaning if you understand it, do you return an error
if you can't satisfy the attribute request?). Currently the metadata
equivalent is expressly optional to enforce.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]