[OGSA-AUTHZ] VO SAML Attribute Profile

Tom Scavo trscavo at gmail.com
Tue Feb 5 18:17:25 CST 2008


On the wire, such an attribute would be formulated as follows:

<saml:Attribute
  xmlns:xacmlprof="urn:oasis:names:tc:SAML:2.0:profiles:attribute:XACML"
  xmlns:ldapprof="urn:oasis:names:tc:SAML:2.0:profiles:attribute:LDAP"
  xacmlprof:DataType="http://www.w3.org/2001/XMLSchema#anyURI"
  ldapprof:Encoding="LDAP"
  NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
  Name="urn:oid:1.3.6.1.4.1.5923.1.5.1.1"
  FriendlyName="isMemberOf">
  <saml:AttributeValue xsi:type="xs:anyURI">
    group://voservice.uiuc.edu/gisolve.org/uiuc.edu/geog602#student
  </saml:AttributeValue>
</saml:Attribute>

Note that the DataType has changed from string to anyURI.  Everything
else is the same as before.

Tom

On Feb 5, 2008 6:19 PM, Tom Scavo <trscavo at gmail.com> wrote:
> On Feb 5, 2008 6:04 PM, Krzysztof Benedyczak <golbi at mat.uni.torun.pl> wrote:
> >
> > > Okay, let me propose the following compromise:
> > >
> > > group://voservice.uiuc.edu/gisolve.org/uiuc.edu/geog602#student
> > >
> > > In the case where the voservice is irrelevant or unnecessary, this
> > > reduces to
> > >
> > > group:///gisolve.org/uiuc.edu/geog602#student
> > >
> > > In fact, the syntax is exactly the same as the well-known file: URIs.
> > >
> > > What do you think?  Is this better?
> >
> > Definitively.
>
> Okay, great!  Somebody should write this up before we change our minds! :-)
>
> > >> however at least partial compatibility with MACE-dir is tempting
> > >> too - that's why we proposed @ notation.
> > >
> > > I think we should give this profile our best shot, and then I'd be
> > > happy to carry it forward to MACE-Dir for further discussion.
> >
> > Sounds good.
>
> Okay, well, rather than wait until we have a document, unless somebody
> has any objections, I'll go ahead and float some ideas in the MACE-Dir
> mailing list and see what kind of push back we get.
>
> Tom
>
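
Added example, not part of the original message or of any project's code: a relying party extracting the isMemberOf values from the attribute above and strictly parsing the proposed group: URIs, including the empty-authority form `group:///...` and the whitespace that pads the element content. The field names (`authority`, `path`, `fragment`), the strictness rules (no query, no empty path segment) and the namespace declarations added to the sample are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET
from typing import NamedTuple
from urllib.parse import urlsplit

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
IS_MEMBER_OF = "urn:oid:1.3.6.1.4.1.5923.1.5.1.1"
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

# Constructed sample: the attribute from the message, with the saml, xsi and xs
# namespace declarations (normally inherited from the enclosing assertion) added.
SAMPLE = """<saml:Attribute
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:xs="http://www.w3.org/2001/XMLSchema"
  NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
  Name="urn:oid:1.3.6.1.4.1.5923.1.5.1.1" FriendlyName="isMemberOf">
  <saml:AttributeValue xsi:type="xs:anyURI">
    group://voservice.uiuc.edu/gisolve.org/uiuc.edu/geog602#student
  </saml:AttributeValue>
  <saml:AttributeValue xsi:type="xs:anyURI">group:///gisolve.org/uiuc.edu/geog602#student</saml:AttributeValue>
</saml:Attribute>"""


class GroupURI(NamedTuple):
    authority: str      # VO service host; "" when omitted (group:///...)
    path: tuple         # group hierarchy, one element per path segment
    fragment: str       # part after '#', "" if absent


def parse_group_uri(value: str) -> GroupURI:
    """Strictly parse one group: URI; raise ValueError on anything unexpected."""
    parts = urlsplit(value.strip())  # element content is padded with whitespace
    if parts.scheme != "group" or parts.query:
        raise ValueError(f"not a plain group: URI: {value!r}")
    segments = parts.path.split("/")[1:]
    if not parts.path.startswith("/") or not all(segments):
        raise ValueError(f"missing or empty path segment: {value!r}")
    return GroupURI(parts.netloc.lower(), tuple(segments), parts.fragment)


def memberships(attribute_xml: str) -> list:
    """Return the parsed group URIs carried by an isMemberOf attribute."""
    attr = ET.fromstring(attribute_xml)
    if attr.get("Name") != IS_MEMBER_OF or attr.get("NameFormat") != URI_FORMAT:
        raise ValueError("not a URI-named isMemberOf attribute")
    return [parse_group_uri(v.text or "") for v in attr.iter(SAML + "AttributeValue")]
```

Comparing the parsed tuple rather than the raw string keeps an authorization check from being confused by padding whitespace or by the two equivalent-looking forms of the URI.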

