OASIS Mailing List Archives: xacml list
Subject: Re: [xacml] SAML Issuer changes



On Tue, 2004-03-09 at 12:07, Anne Anderson wrote:
> The current SAML 2.0 draft defines the Issuer element in an
> Assertion as being of NameIdentifierType.  Previously it was
> "xsi:string".
> [...]
>
> I suggest we add an optional IssuerFormat XML attribute to our
> AttributeType as follows:
> 
> 	<xs:complexType name="AttributeType">
> 		<xs:sequence>
> 			<xs:element ref="xacml-context:AttributeValue"/>
> 		</xs:sequence>
> 		<xs:attribute name="AttributeId" type="xs:anyURI" use="required"/>
> 		<xs:attribute name="DataType" type="xs:anyURI" use="required"/>
> 		<xs:attribute name="Issuer" type="xs:string" use="optional"/>
> 		<xs:attribute name="IssuerFormat" type="xs:anyURI" use="optional"/>
> 		<xs:attribute name="IssueInstant" type="xs:dateTime" use="optional"/>
> 	</xs:complexType>

I'm not really sure what use this is to XACML. The only place that the
issuer gets used is when a designator or selector wants to (optionally)
require a particular issuer. This is done via a simple string
comparison. Are you suggesting that the IssuerFormat would somehow be
used in this comparison, or is this useful for something else? If you
want to use the IssuerFormat in this retrieval comparison, then you
probably also have to change designators and selectors to specify this
information, and reject formats that don't match (i.e., when the Attribute
uses one format and the designator/selector uses another). We'll also
need to define standard format types and how comparisons work (or at
least reference those in SAML or some other standard). This is a lot of
work, and a fair change to how XACML works today.

Is this what you had in mind, or was there a different use-case to
support your proposed change? Could you provide some specific details
about why this change would be useful?


seth
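The following is an added illustration of the point made in the reply above; it is not code from the thread or from any XACML implementation. It models how a SubjectAttributeDesignator (or any category's designator) selects request-context Attributes in XACML 1.x: match AttributeId and DataType, and, when the designator names an Issuer, compare it to the Attribute's Issuer by plain string equality. The `issuer_format` parameter and the `IssuerFormat` attribute in the sample request are hypothetical, standing in for the extension proposed in the quoted message and the "reject mismatching formats" behaviour the reply says it would require. The request context is constructed for the example and uses the XACML 1.0 context namespace (an assumption; the 2.0 draft being discussed has its own namespace URI).

```python
import xml.etree.ElementTree as ET

# XACML 1.0 request-context namespace (assumed for this example).
CTX = "urn:oasis:names:tc:xacml:1.0:context"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"

# Constructed sample request. Two subject-id Attributes share an AttributeId
# but come from different issuers. "IssuerFormat" is NOT in any XACML schema;
# it stands in for the attribute proposed in the quoted message.
REQUEST_XML = f"""<Request xmlns="{CTX}">
  <Subject>
    <Attribute AttributeId="{SUBJECT_ID}" DataType="{XS_STRING}"
               Issuer="idp.example.com">
      <AttributeValue>alice</AttributeValue>
    </Attribute>
    <Attribute AttributeId="{SUBJECT_ID}" DataType="{XS_STRING}"
               Issuer="hr.example.com"
               IssuerFormat="urn:example:issuer-format:dns">
      <AttributeValue>a.smith</AttributeValue>
    </Attribute>
    <Attribute AttributeId="urn:example:group" DataType="{XS_STRING}">
      <AttributeValue>staff</AttributeValue>
    </Attribute>
  </Subject>
  <Resource>
    <Attribute AttributeId="{RESOURCE_ID}" DataType="{XS_STRING}">
      <AttributeValue>/payroll</AttributeValue>
    </Attribute>
  </Resource>
  <Action/>
</Request>"""


def resolve_designator(request_xml, category, attribute_id, data_type,
                       issuer=None, issuer_format=None):
    """Return the bag of values a <category>AttributeDesignator selects.

    XACML 1.x rule: AttributeId and DataType must match; if the designator
    names an Issuer, it is compared to the Attribute's Issuer with a plain,
    case-sensitive string comparison. issuer_format is hypothetical.
    """
    root = ET.fromstring(request_xml)
    bag = []
    for attr in root.iterfind(f"{{{CTX}}}{category}/{{{CTX}}}Attribute"):
        if attr.get("AttributeId") != attribute_id:
            continue
        if attr.get("DataType") != data_type:
            continue
        # Today's behaviour: bare string equality on the Issuer value.
        if issuer is not None and attr.get("Issuer") != issuer:
            continue
        # Hypothetical extension: a designator that constrains the issuer
        # format rejects Attributes carrying a different (or no) format
        # instead of comparing the Issuer strings as if they were alike.
        if issuer_format is not None and attr.get("IssuerFormat") != issuer_format:
            continue
        bag.extend(v.text or "" for v in attr.iterfind(f"{{{CTX}}}AttributeValue"))
    return bag


def evaluate_designator(bag, must_be_present=False):
    """XACML 1.x handling of an empty bag: Indeterminate when the designator
    has MustBePresent="true", otherwise the empty bag is returned as-is."""
    if not bag and must_be_present:
        return "Indeterminate"
    return bag


if __name__ == "__main__":
    print(resolve_designator(REQUEST_XML, "Subject", SUBJECT_ID, XS_STRING))
    print(resolve_designator(REQUEST_XML, "Subject", SUBJECT_ID, XS_STRING,
                             issuer="idp.example.com"))
    print(evaluate_designator(
        resolve_designator(REQUEST_XML, "Subject", SUBJECT_ID, XS_STRING,
                           issuer="IDP.example.com"), must_be_present=True))
```

The third call in the usage section shows the consequence of the "simple string comparison" the reply describes: "IDP.example.com" does not match "idp.example.com", so a MustBePresent designator yields Indeterminate. Anything finer than that (format-aware equivalence of issuer names) would need the designator/selector schema changes and the standard format definitions the reply lists.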


