Subject: SAML 2 Profile Schema Proposal...
One of my action items has been to propose a provisioning schema mechanism for the SAML 2.0 Profile for SPML 2.0. I propose that for simple attributes we use something similar to the schema mechanism provided by the DSML Profile, but simplified a little.

I am proposing two profile-specific elements (we can define a namespace such as urn:oasis:names:tc:SPML:2:0:Fed):

objectDef - defines a PSO object class
attributeDef - defines a set of attribute definitions

Thus a list target response could look like:

  <spml:listTargetsResponse
      xmlns:spml="urn:oasis:names:tc:SPML:2:0"
      xmlns:spmlfed="urn:oasis:names:tc:SPML:2:0:Fed"
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
    <spml:target targetID="urn:acme:sp1">
      <spml:schema>
        <spmlfed:schema>
          <spmlfed:objectDef name="urn:acme:partner">
            <spmlfed:attributeDef name="uid"
                required="true"
                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" />
            <spmlfed:attributeDef name="email"
                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" />
          </spmlfed:objectDef>
        </spmlfed:schema>
      </spml:schema>
    </spml:target>
  </spml:listTargetsResponse>

This example is for basic SAML attributes, which is what is most commonly used. For completeness we should also cover other SAML attribute formats as well.
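The following is an added example, not part of the original message or of any SPML/SAML implementation: a sketch of how a requesting authority could read the proposed objectDef/attributeDef schema and check a set of SAML attributes against it before sending a provisioning request. The function names, the DTD rejection and the treatment of an absent `required` as false are assumptions; the sample XML is constructed from the message's own example.

```python
import xml.etree.ElementTree as ET

SPML = "urn:oasis:names:tc:SPML:2:0"
FED = "urn:oasis:names:tc:SPML:2:0:Fed"  # namespace suggested in the message
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"

# Constructed sample, modelled on the listTargetsResponse in the message.
SAMPLE = f"""<spml:listTargetsResponse xmlns:spml="{SPML}"
    xmlns:spmlfed="{FED}">
  <spml:target targetID="urn:acme:sp1">
    <spml:schema><spmlfed:schema>
      <spmlfed:objectDef name="urn:acme:partner">
        <spmlfed:attributeDef name="uid" required="true" NameFormat="{BASIC}"/>
        <spmlfed:attributeDef name="email" NameFormat="{BASIC}"/>
      </spmlfed:objectDef>
    </spmlfed:schema></spml:schema>
  </spml:target>
</spml:listTargetsResponse>"""

def load_schema(xml_text):
    """Return {targetID: {objectDef name: {attr name: (required, NameFormat)}}}."""
    # Assumption: a schema response never needs a DTD, so refuse one outright
    # rather than let the parser expand entities from a remote party.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not accepted in schema response")
    targets = {}
    for target in ET.fromstring(xml_text).iter(f"{{{SPML}}}target"):
        objects = {}
        for obj in target.iter(f"{{{FED}}}objectDef"):
            attrs = {}
            for a in obj.findall(f"{{{FED}}}attributeDef"):
                # Assumption: a missing "required" attribute means optional.
                attrs[a.get("name")] = (a.get("required") == "true",
                                        a.get("NameFormat"))
            objects[obj.get("name")] = attrs
        targets[target.get("targetID")] = objects
    return targets

def check_attributes(object_def, supplied):
    """supplied: {(name, NameFormat): value}. Return (missing, unexpected)."""
    declared = {(n, fmt) for n, (_, fmt) in object_def.items()}
    missing = sorted(n for n, (req, fmt) in object_def.items()
                     if req and (n, fmt) not in supplied)
    # Attributes the target never declared should not leave the requester.
    unexpected = sorted(n for (n, fmt) in supplied if (n, fmt) not in declared)
    return missing, unexpected
```

Matching on the (name, NameFormat) pair rather than the name alone keeps a "uid" in one attribute format from satisfying a definition declared in another.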