OpenSAML user discussion

[Budi Boentaran <>]

Hi Tom,

Thanks for the reply.

Each AttributeStatement will require Subject.
In the Subject you have name Identifier. and in the AttributeStatement
you have attribute name.

Isn't that redundant?

Cheers,

Budi

On 5/12/05, Tom Scavo 
<>
 wrote:
> On 5/12/05, Budi Boentaran 
> <>
>  wrote:
> >
> > What is the purpose/usage of NameIdentifier / NameQualifier in the 
> > Subject?
> 
> This is one case at least where the SAML names are transparent.
> NameIdentifier is a unique name (unique in the space of names known to
> the producing entity) for the Subject.  NameQualifier is an optional
> value used to qualify the Subject name, presumably to insure
> uniqueness in the space of names known to the consuming entity.
> 
> If you haven't done so already, you should read [SAMLCore] about the
> NameIdentifier element.  There you will find this example:
> 
> <NameIdentifier
>   Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">
>   
> 
> </NameIdentifier>
> 
> This example does not have a NameQualifier attribute, which suggests
> its lack of relative importance.  Usually the value of the
> NameQualifier attribute is the unique identifier (providerId) of the
> producing entity.  This qualifier travels around with the
> NameIdentifier wherever it goes.
> 
> The Format attribute shown in the example is very important.  It
> conveys to the consuming entity the underlying semantics of the
> NameIdentifier value.  A limited number of Formats are available in
> SAML 1.1.  More have been added in SAML 2.0.
> 
> Hopefully this is enough to get you started.
> 
> Tom
>