I think that I have some issues with this document.
1. I am reviewing the private copy that I was given by Sam. This document
has expired and should be republished - even with no changes - ASAP.
2. In section 3 - you state that the naming used in SAMLCORE has two parts
- a URI describing the format of the name
- the actual name in a format described above.
I believe this is totally incorrect. Based on my reading of the document an
attribute contains the following information:
- A string name of an attribute - with any luck this will be a URI
but there is no requirement that it be so
- a URI describing the format of the attribute value
- the actual attribute value
There are some additional fields that can be included such as a Friendly
Name (a string).
I think that the above discrepancy has some drastic changes in parts of the
draft. Note that one of the things that is listed above is a text based
attribute name. Thus there is nothing that says that a single name cannot
be used by different IdPs in a different manner. I would not expect the
same to be true for a URI based attribute name. I think that this means you
need the following elements:
a) An (optional) IdP name to identify a domain that the attribute is coming
from
b) A text string identifying the attribute name - this may be pure text or it
may be a URI
c) A format for the attribute value
The question then arises should you query first the name for the value type
and then for the value?
Jim