[OGSA-AUTHZ] Next Telecon
Tom Scavo
trscavo at gmail.com
Mon Oct 16 12:25:59 CDT 2006
On 10/16/06, Valerio Venturi <valerio.venturi at cnaf.infn.it> wrote:
>
> Attribute Authority Interface
> We've red the OASIS draft that we were pointed to in Washington OGF by
> Tom Scavo and found it good and detailed. It's pretty much like what we
> were thinking about, so we dont' think there's need for producing
> another doc which won't add much. We'll contact Tom with some concerns
> we have.
We look forward to your feedback regarding this draft document.
> VOMS first attribute
> Frank Siebenlist asked whether it would be possible to add a tag to mark
> the first of VOMS attributes (both in the context of Attribute
> Certificates and SAML Assertions) since it had a special semantic.
> Actually, it is the order of the attributes that is meaningfull in VOMS,
> not only the first. The voms client indeed have a mean of specyfing the
> entire order in which attributes appear. In the context of AC, this is
> not a problem since you can specify order in a ASN.1 SEQUENCE. It is in
> the context of a SAML Assertion, since despite the fact that most of the
> parser will return the child elements of AttributeStatement as they
> appear in the doc, this is not mandatoiry. So we are thinking about how
> to retain the same behaviour using SAML Assertion.
The ordering of Attribute elements in a SAML AttributeStatement is
unspecified. If an ordering is required, a new XML indexing attribute
is needed: index="1", index="2", etc. Can you explain why such an
ordering is required (or just point me to the relevant document where
this is discussed)?
Thanks,
Tom Scavo
NCSA/University of Illinois
More information about the ogsa-authz-wg
mailing list