OASIS Mailing List Archives

security-services message



Subject: FW: [saml-dev] Custom URIs within urn:oasis:names:tc:SAML:2.0:ac:classes:


See below. I suggested the TC could make an official statement in its minutes of the next meeting that we didn't delegate the authority to create identifiers in any TC namespace to any outside organization.

I realize that may be a while, but something for the agenda whenever that is.

In the meantime, it might help to just have this thread to point to. I believe it to be the case that no such authority exists for any outside entity to create such URNs (and I mean anything, not AuthnContext classes, not NameID Formats, nor any other of the registered enumerations of values in the standard). If anybody on the TC believes otherwise, please indicate that.

-- Scott

-----Original Message-----
From: Peter Schober [mailto:peter.schober@univie.ac.at] 
Sent: Monday, June 20, 2016 8:43 AM
To: saml-dev@lists.oasis-open.org
Subject: [saml-dev] Custom URIs within urn:oasis:names:tc:SAML:2.0:ac:classes:

Hey,

It seems the Italian government (or rather their "Agenzia per l'Italia
digitale", AgID) has defined and mandates use of custom URIs within
OASIS-owned namespaces, cf. the thread at:
https://groups.google.com/d/msg/simplesamlphp/JKLvHKihEbs/o2qgQcLyAwAJ

  urn:oasis:names:tc:SAML:2.0:ac:classes:SpidL1
  urn:oasis:names:tc:SAML:2.0:ac:classes:SpidL2
  urn:oasis:names:tc:SAML:2.0:ac:classes:SpidL3

Is that an issue to take up for the OASIS SSTC or for OASIS proper --
the assignment having been made in the "Technical Committee Work
Products" namespace?  While RFC 3121 also mentions the possibility of
delegation:

  Assignment is limited to the owner and those authorities that are
  specifically designated by the owner.  OASIS will assign portions
  of its namespace (specifically, those under the members hierarchy)
  for assignment by other parties.

that reads like it would be limited to the members hierarchy (?) and I
doubt the specific values above have been delegated. (Is there a
public registry of delegated identifiers?)

If you could provide a comment on that practice (or would prefer to
have someone else within OASIS provide that comment) I'd send a
reference to the archived reply to some Italian contacts (outside
AgID).
Not that I'd expect them to change their published technical
documentation at this point...

-peter
