On 11/28/11 11:04 AM, "Sam Hartman" <[email protected]> wrote:
>The actual URNs in the current doc are completely wrong. In particular >for anything shared I don't think the string gss-eap should appear. Ok. >GSS-API naming extensions has two value forms. The first is intended as >a raw form, presumably XML. The second is a display value and is >implementation dependent. You get both when you get a name >attribute. (Well, you can request one or both). Ok, then I suspect we should probably provide guidance, possibly going so far as a MUST as to how to handle that. In particular, you presumably want the XML to be well-formed, so that creates additional work for the mechanism or whatever's creating the name attribute to serialize it safely. If the XML is the "raw" form, then the question is what the display form would be. When something like Shibboleth decodes the XML into something easily string-able, it does that by turning it from SAML into a local attribute, which wouldn't address this question. It could be left implementation dependent what the display name for the raw SAML is, or one could say that for the common case of a simple-valued element, you just use the text content of the element, otherwise undefined. -- Scott _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
