security-services message

Subject: Re: [security-services] On allowing multiple value types for an attribute

From: "Cantor, Scott" <cantor.2@osu.edu>
To: Hal Lockhart <hal.lockhart@oracle.com>, Mohammad Jafari <mjafari@edmondsci.com>, "security-services@lists.oasis-open.org" <security-services@lists.oasis-open.org>
Date: Wed, 26 Nov 2014 17:48:05 +0000

On 11/26/14, 5:38 PM, "Hal Lockhart" <hal.lockhart@oracle.com> wrote:

>I think he is referring to section 3.3.4 which says the response to any 
>of the Query requests must contain a subject which matches the subject in 
>the query. I don't see any practical way to do an attribute query without 
>specifying an identifier element. Otherwise whose attributes should be 
>returned?

You could pass a SC element with a key in it, to use one example, or it 
could be front-channel with a bearer SC in it.

But in any case, the rule for a Response to a query isn't necessarily 
something that has to apply to any assertion created with an attribute 
statement in it. Though it seems that we did in fact required Subject (but 
not an ID) for that.

-- Scott

Follow-Ups:
- RE: [security-services] On allowing multiple value types for an attribute
  - From: Mohammad Jafari <mjafari@edmondsci.com>

References:
- RE: [security-services] On allowing multiple value types for an attribute
  - From: Mohammad Jafari <mjafari@edmondsci.com>
- Re: [security-services] On allowing multiple value types for an attribute
  - From: "Cantor, Scott" <cantor.2@osu.edu>
- RE: [security-services] On allowing multiple value types for an attribute
  - From: Mohammad Jafari <mjafari@edmondsci.com>
- Re: [security-services] On allowing multiple value types for an attribute
  - From: "Cantor, Scott" <cantor.2@osu.edu>
- RE: [security-services] On allowing multiple value types for an attribute
  - From: Hal Lockhart <hal.lockhart@oracle.com>