The SAML XML.org web site is not longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.
AttributeValue XML content
Hi,
I begin to use SAML and I have a little problem thinking about one xml needed attribute.
The attribute is something like "isSalaryMoreThanX"
--------------------------------
Query:
<samlp:AttributeQuery>
<saml:Attribute Name=“isSalaryMoreThanX">
<saml:AttributeValue>
<isOver targetSalary="30000"/>
</saml:AttributeValue>
</saml:Attribute>
</samlp:AttributeQuery>
--------------------------------
Response:
<samlp:Response>
<saml:Attribute Name=“isSalaryMoreThanX">
<saml:AttributeValue>
<isOver targetSalary="30000">
true
</isOver>
</saml:AttributeValue>
</saml:Attribute>
</samlp:AttributeQuery>
--------------------------------
Is this attribute response/request correct?
Maybe there is another solution more academic?
Thanks.
Search
SUBSCRIBE
RECENT CONTENT
- SAML Wiki Knowledgebase
9 years ago - SAML 2.0 with java Sample
10 years ago - Govt Computer News: 'The power of one password'
10 years ago
1 reply - OASIS approves SAML 2.0 Errata
10 years ago
1 reply - IBM Pushes Federated Identity Management
10 years ago
1 reply - VMware Unveils Horizon App Manager
10 years ago
1 reply
AttributeValue XML content
(Please use the saml-dev mailing list for follow-up)
There is no current state of the art on doing "calculations" or "comparisons" over attribute values as a way to reduce information flow. I believe WS-Federation has some work in this area, haven't looked at it in detail. The idea is a sound one, but falls apart rapidly once you get beyond simple math.
In SAML, you are on your own handling complex values, and you would need precise profiling to use a query the way you're trying to, because absent a profile the rules say that value-filtering in queries is by direct XML comparison, not the kind of thing you're doing.
You also have to account for the fact that most apps and SAML implementations can't deal with complex values well.
Ok, thanks a lot. Is
Ok, thanks a lot.
Is mandatory for our application handling complex values, we are an Attribute Provider and our Service Providers ask us for a solution to give them not a specific value (impossible for our data protect legislation) buy yes some sort of range verification.