[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: NHIN Exchange <Subject> question
Eric, I'm not sure what the issue is that you still have. The spec only allows a single Subject element within the assertion and that subject applies to all attribute statements within that assertion. The example you gave with an assertion within an assertion does not change the requirements for each assertion to independently meet the requirements of the specification. So the Assertions that you placed into the <Evidence> element must be able to validate without the surrounding assertion and therefore need their own Subjects, even if the Subject is the same subject as the surrounding assertion. There is no inheritance in recursive assertions. Please note that it's also very possible for the Subjects in the Assertions within the <Evidence> element to be different subjects (for many possible reasons -- different subject confirmations, different identities, etc.). Conor -----Original Message----- From: Eric Heflin [mailto:eheflin@medicity.com] Sent: Tuesday, January 11, 2011 1:25 PM To: Cantor, Scott E.; saml-dev@lists.oasis-open.org Subject: [saml-dev] RE: NHIN Exchange <Subject> question All, This issue is highly important to the NHIN Exchange. It is currently blocking a state health information exchange from joining the NHIN Exchange, and two vendors (perhaps more) are in a holding pattern depending on the authoritative resolution to this issue. What is the proper path for getting a consensus initial opinion and ultimately an authoritative statement on this (and some closely related) topics? Would it be helpful if I provided revised SAML text intended to replace the existing text? Eric Heflin Dir of Standards and Interoperability Medicity THE Standard for Meaningful HIE. www.medicity.com 801.415.2672 (o) 801.674.2313 (m) eheflin (Skype) -----Original Message----- From: Eric Heflin Sent: Friday, January 07, 2011 9:44 AM To: 'Cantor, Scott E.'; saml-dev@lists.oasis-open.org Subject: RE: NHIN Exchange <Subject> question Scott, Thanks for the fast response. Here's the ambiguity: Since a SAML assertion can have multiple <Subject>s, the quoted text ambiguous since it is not clearly specifying which <Subject> is being referenced as being required. -----Original Message----- From: Cantor, Scott E. [mailto:cantor.2@osu.edu] Sent: Friday, January 07, 2011 9:27 AM To: Eric Heflin; saml-dev@lists.oasis-open.org Subject: RE: NHIN Exchange <Subject> question > Interpretation A (Only one <Subject> element is required): One > interpretation is that a SAML Assertion with an <AttributeStatement> > element does not need a <Subject> element -inside- any child > <Assertion> elements containing the <AttributeStatement>, but that > such a SAML Assertion does require a <Subject> element at the root > <Assertion>/<Subject> level. That directly contradicts the text you're quoting. > <!-- Does not contain a subject, because there is one in the > encompassing assertion and this assertion is about the > same subject -> There is no relationship between those assertions, so they certainly don't inherit anything between them. > Interpretation B That is the one that actually follows the text of the spec. -- Scott --------------------------------------------------------------------- To unsubscribe, e-mail: saml-dev-unsubscribe@lists.oasis-open.org For additional commands, e-mail: saml-dev-help@lists.oasis-open.org
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]