Erik, Erik Andersen wrote:
Hi FolksOASIS is working on a X.500 attribute profile. As an X.500 group we may have comments on this work. The latest profile may be found on. If we had an XLM representations of our attributes, how would they differ from the SAML 2 profile?
In early discussions I had with Bob Morgan regarding the profile's Encoding attribute it was intended to allow for alternative encodings. I had in mind BER, GSER and RXER (XML) as the alternative encodings. However, according to Scott Cantor (the profile editor), the scope of the current profile is strictly just directory attributes in their LDAP-specific encoding, hence the only allowed value for the Encoding attribute is "LDAP". Alternative encodings would have to be the subject of some future revision of the profile, or a separate profile. In the current profile, an XML element that is contained in an LDAP attribute value must either have the markup escaped so that the value conforms to the xsd:string type, or the entire value must be base64 encoded so as to conform to the xsd:base64Binary type. In both cases the element appears as character data in the Infoset representation of the SAML assertion rather than naturally as an element information item. My thinking behind an "RXER" Encoding value would allow XML elements in the RXER encoding of directory attribute values to appear naturally as child elements of the SAML <AttributeValue> element. Regards, Steven
I noticed that Abbie is one of the editors.Is there or should there be any relationship between SAML 2 and X.500/LDAP (beyond X.509)?Erik Andersen Andersen's L-Service Mobile: +45 20 97 14 90 e-mail: era@xxxxxxx <mailto:era@xxxxxxx> http://www.x500.eu <http://www.x500.eu/> http://www.x500standard.com/
----- www.x500standard.com: The central source for information on the X.500 Directory Standard.