Subject: normative text from XACML Profile for SAML V2.0 Attributes
Colleagues,

Just so you won't have to open up a separate document, here, for quick reference, is the normative text from the "XACML Profile for SAML V2.0 Attributes" that we want to submit to the SSTC.

--------------------Normative Text Begin-------------------------

2 Data Type {Normative}

XACML requires each Attribute to have an explicit data type. To supply this data type value, a SAML Attribute to be used as input to an XACML processor SHALL have the following metadata provided.

    <xs:attribute name="DataType" type="xs:anyURI" use="optional" default="http://www.w3.org/2001/XMLSchema#string"/>

The standard values for the DataType attribute are specified in Appendix A of the XACML 2.0 Specification [XACML]. If non-standard values are used for the DataType attribute, each XACML PDP that will be consuming Attributes with these new DataType values must be extended to support the new data types.

3 Attribute Identifiers {Normative}

XACML requires each Attribute to have a single identifier that is sufficient to distinguish instances of the Attribute from instances of other Attributes that have different semantics. In SAML 2.0, two standard identifiers - Name and NameFormat - are required to distinguish two Attributes that may have different semantics. SAML 2.0 also allows the use of arbitrary additional identifiers. In order to map a SAML Attribute to an XACML Attribute, there must be a canonical way to generate a single XACML Attribute identifier from the set of SAML attributes that are sufficient to distinguish instances of the SAML Attribute that have different semantics.

In order to satisfy this requirement, a SAML Attribute that is to be used as input to an XACML processor SHALL have a NameFormat value of "urn:oasis:names:tc:SAML:2.0:attname-format:uri".

The value of the SAML Attribute's Name attribute SHALL be a URI or URI reference that is sufficient to distinguish instances of this Attribute from instances of other SAML or XACML Attributes that have different semantics. Additional attributes not necessary for distinguishing the SAML Attribute semantics MAY be used in the SAML metadata, but will not be used in the corresponding XACML Attribute.

--------------------Normative Text End-------------------------

Anne
--
Anne H. Anderson               Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692
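
The mapping rules in sections 2 and 3 of the quoted text, as an added example that is not part of the original message or of the profile itself. The function names, the `urn:example:` values and the namespace bound to `p` are constructed; DataType is matched by local name because the quoted text does not say which namespace it lives in, and the assertion is assumed to have been signature-validated already.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
XACML_CTX_NS = "urn:oasis:names:tc:xacml:2.0:context:schema:os"
URI_NAME_FORMAT = "urn:oasis:names:tc:SAML:2.0:attname-format:uri"
DEFAULT_DATATYPE = "http://www.w3.org/2001/XMLSchema#string"

# Constructed sample input; the namespace bound to "p" is a placeholder.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:p="urn:example:profile-placeholder">
  <saml:Attribute Name="urn:example:attr:clearance" FriendlyName="clearance"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attname-format:uri"
      p:DataType="http://www.w3.org/2001/XMLSchema#integer">
    <saml:AttributeValue>3</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="urn:example:attr:role"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attname-format:uri">
    <saml:AttributeValue>auditor</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="role"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attname-format:basic">
    <saml:AttributeValue>admin</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""

class ProfileError(ValueError):
    """The SAML Attribute does not meet the profile's requirements."""

def saml_to_xacml(saml_attr):
    """Map one saml:Attribute element to an XACML 2.0 context Attribute."""
    # Section 3: only the URI NameFormat is acceptable (absent means unspecified).
    if saml_attr.get("NameFormat") != URI_NAME_FORMAT:
        raise ProfileError("NameFormat is not attname-format:uri")
    name = saml_attr.get("Name")
    if not name:
        raise ProfileError("Name is missing or empty")
    # Section 2: DataType is optional and defaults to xs:string.
    datatype = DEFAULT_DATATYPE
    for key, value in saml_attr.attrib.items():
        if key.rsplit("}", 1)[-1] == "DataType":
            datatype = value
    # Other XML attributes (FriendlyName etc.) are deliberately not carried over.
    out = ET.Element(f"{{{XACML_CTX_NS}}}Attribute",
                     {"AttributeId": name, "DataType": datatype})
    for v in saml_attr.findall(f"{{{SAML_NS}}}AttributeValue"):
        ET.SubElement(out, f"{{{XACML_CTX_NS}}}AttributeValue").text = v.text
    return out

def convert_all(xml_text):
    """Return (accepted XACML Attributes, [(Name, reason)] for rejected ones)."""
    accepted, rejected = [], []
    for a in ET.fromstring(xml_text).iter(f"{{{SAML_NS}}}Attribute"):
        try:
            accepted.append(saml_to_xacml(a))
        except ProfileError as exc:
            rejected.append((a.get("Name"), str(exc)))
    return accepted, rejected
```

Rejecting the `basic`-format attribute rather than passing its bare Name through keeps a short name such as `role` from colliding with a differently defined XACML AttributeId at the PDP.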