[x500standard] Re: SAML V2.0 X.500/LDAP Attribute Profile


Erik,

Erik Andersen wrote:

Hi Folks
OASIS is working on a X.500 attribute profile. As an X.500 group we may have comments on this work. The latest profile may be found on. If we had an XLM representations of our attributes, how would they differ from the SAML 2 profile? 

In early discussions I had with Bob Morgan regarding the profile's Encoding
attribute it was intended to allow for alternative encodings. I had in mind
BER, GSER and RXER (XML) as the alternative encodings. However, according to
Scott Cantor (the profile editor), the scope of the current profile is strictly
just directory attributes in their LDAP-specific encoding, hence the only
allowed value for the Encoding attribute is "LDAP". Alternative encodings
would have to be the subject of some future revision of the profile, or a
separate profile.

In the current profile, an XML element that is contained in an LDAP attribute
value must either have the markup escaped so that the value conforms to the
xsd:string type, or the entire value must be base64 encoded so as to conform
to the xsd:base64Binary type. In both cases the element appears as character
data in the Infoset representation of the SAML assertion rather than naturally
as an element information item. My thinking behind an "RXER" Encoding value
would allow XML elements in the RXER encoding of directory attribute values
to appear naturally as child elements of the SAML <AttributeValue> element.

Regards,
Steven




http://www.oasis-open.org/committees/download.php/27565/sstc-saml-attribute-x500-cd-03.pdf


I noticed that Abbie is one of the editors.
Is there or should there be any relationship between SAML 2 and X.500/LDAP (beyond X.509)? 
Erik Andersen

Andersen's L-Service

Mobile: +45 20 97 14 90

e-mail: era@xxxxxxx <mailto:era@xxxxxxx>

http://www.x500.eu <http://www.x500.eu/>

http://www.x500standard.com/


-----
www.x500standard.com: The central source for information on the X.500 Directory 
Standard.

Other related posts: