Hi Dimuthu,

I think following the general approach as you mentioned is correct.
In this approach I think the value of the "NameFormat" attribute should be the dialect URI of the claim. I think this is similar to the AttributeNamespace in SAML 1.x

For example IMHO the following SAML 1.x attr in an attr stmt :

<saml:Attribute AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims" AttributeName="givenname">
        <saml:AttributeValue>Foo</saml:AttributeValue>
</saml:Attribute>

should be (in SAML 2.0) :

<saml:Attribute NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims" Name="givenname">
        <saml:AttributeValue>Foo</saml:AttributeValue>
</saml:Attribute>


Thanks,
Ruchith

Dimuthu Leelarathne wrote:
Hi all,

This mail is about AttributeStatement in SAML2.0

Let me quote from 3.3.3 section of the specification [1].

"Similarly to name identifier formats, attribute names are also
qualified with a format label which indicates how the attribute name is
to be interpreted. In both of the cases here (lines 3 and 10), the
name format is not one of those predefined by SAML, but is rather
defined by a third party, SmithCo. This is a fairly artificial example,
and interoperability would be increased by either the use of one of SAML's
attribute profiles or the formal definition of a third-party attribute
profile."

I googled a lot and I concluded that there are no profiles/bindings
specifically defined for SAML2.0 behavior, therefore I decided to take
the general approach defined in this specification [1] - line number is
429.

Please raise your objections and comments.

[1] http://www.oasis-open.org/committees/download.php/14361/sstc-saml-tech-overview-2.0-draft-08.pdf

Thank you,
Dimuthu




_______________________________________________
Identity-dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/identity-dev
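
The mapping proposed in the reply above, as an added example that is not part of the original thread or of the project's code: it converts a SAML 1.x attribute to the suggested SAML 2.0 form, and shows a consumer matching on NameFormat and Name together so that the same Name under another dialect is not mistaken for the claim. The function names, the DIALECT constant and the sample input are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
DIALECT = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"
ET.register_namespace("saml", SAML2_NS)

# Constructed sample: the SAML 1.x attribute from the message, namespace declared.
# For XML from an untrusted peer, parse with a hardened parser such as defusedxml.
SAML1_ATTR = (
    '<saml:Attribute xmlns:saml="%s" AttributeNamespace="%s" '
    'AttributeName="givenname">'
    '<saml:AttributeValue>Foo</saml:AttributeValue>'
    '</saml:Attribute>' % (SAML1_NS, DIALECT)
)

def to_saml2_attribute(saml1_attr):
    """AttributeNamespace -> NameFormat, AttributeName -> Name, values copied."""
    if saml1_attr.tag != "{%s}Attribute" % SAML1_NS:
        raise ValueError("not a SAML 1.x Attribute element")
    namespace = saml1_attr.get("AttributeNamespace")
    name = saml1_attr.get("AttributeName")
    if not namespace or not name:
        raise ValueError("AttributeNamespace and AttributeName are required")
    out = ET.Element("{%s}Attribute" % SAML2_NS,
                     {"NameFormat": namespace, "Name": name})
    for value in saml1_attr.findall("{%s}AttributeValue" % SAML1_NS):
        ET.SubElement(out, "{%s}AttributeValue" % SAML2_NS).text = value.text
    return out

def claims_from_saml2(attrs, dialect):
    """Consumer side: accept only attributes whose NameFormat is the dialect."""
    claims = {}
    for attr in attrs:
        if attr.get("NameFormat") != dialect:
            continue  # same Name under a different dialect is a different claim
        values = [v.text for v in attr.findall("{%s}AttributeValue" % SAML2_NS)]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return claims

if __name__ == "__main__":
    converted = to_saml2_attribute(ET.fromstring(SAML1_ATTR))
    print(ET.tostring(converted, encoding="unicode"))
    print(claims_from_saml2([converted], DIALECT))
```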


