
mace-opensaml-users - Re: NameIdentifier / Name Qualifier

Subject: OpenSAML user discussion


Re: NameIdentifier / Name Qualifier


  • From: Budi Boentaran <>
  • To:
  • Subject: Re: NameIdentifier / Name Qualifier
  • Date: Thu, 12 May 2005 20:06:01 +0800

Hi Tom,

Thanks for the reply.

Each AttributeStatement will require a Subject.
In the Subject you have the NameIdentifier, and in the AttributeStatement
you have the attribute name.

Isn't that redundant?

Cheers,

Budi

On 5/12/05, Tom Scavo
<>
wrote:
> On 5/12/05, Budi Boentaran
> <>
> wrote:
> >
> > What is the purpose/usage of NameIdentifier / NameQualifier in the
> > Subject?
>
> This is one case at least where the SAML names are transparent.
> NameIdentifier is a unique name (unique in the space of names known to
> the producing entity) for the Subject. NameQualifier is an optional
> value used to qualify the Subject name, presumably to ensure
> uniqueness in the space of names known to the consuming entity.
>
> If you haven't done so already, you should read [SAMLCore] about the
> NameIdentifier element. There you will find this example:
>
> <NameIdentifier
> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">
>
>
> </NameIdentifier>
>
> This example does not have a NameQualifier attribute, which suggests
> its lack of relative importance. Usually the value of the
> NameQualifier attribute is the unique identifier (providerId) of the
> producing entity. This qualifier travels around with the
> NameIdentifier wherever it goes.
>
> The Format attribute shown in the example is very important. It
> conveys to the consuming entity the underlying semantics of the
> NameIdentifier value. A limited number of Formats are available in
> SAML 1.1. More have been added in SAML 2.0.
>
> Hopefully this is enough to get you started.
>
> Tom
>
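
Added example, not part of the thread or of OpenSAML: a consumer-side sketch in Python of the point made above, that Format tells the consumer how to interpret a NameIdentifier and the qualifier keeps names from different producers apart. The sample statements, the `issuer` argument, the accepted-format policy and the fallback to the issuer when NameQualifier is absent are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion"}  # SAML 1.0/1.1 assertions
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
ACCEPTED_FORMATS = {EMAIL}  # assumption: this consumer only understands e-mail names


def read_statement(xml_text, issuer):
    """Return ((qualifier, format, name), {attribute name: [values]}).

    Assumes the enclosing assertion's signature was already verified and that
    `issuer` is the verified producer ID (hypothetical caller-supplied value).
    """
    stmt = ET.fromstring(xml_text)
    nid = stmt.find("saml:Subject/saml:NameIdentifier", NS)
    if nid is None or not (nid.text or "").strip():
        raise ValueError("Subject carries no NameIdentifier value")
    fmt = nid.get("Format")
    if fmt not in ACCEPTED_FORMATS:
        # Without a known Format the value's semantics are undefined here.
        raise ValueError(f"unsupported NameIdentifier Format: {fmt!r}")
    # Assumption: an absent NameQualifier is scoped to the verified issuer.
    qualifier = nid.get("NameQualifier") or issuer
    attrs = {}
    for attr in stmt.findall("saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("AttributeName")] = values
    return (qualifier, fmt, nid.text.strip()), attrs


def make_statement(name, fmt, qualifier=None):
    """Build a constructed sample AttributeStatement (not from the thread)."""
    q = f' NameQualifier="{qualifier}"' if qualifier else ""
    return (
        '<AttributeStatement xmlns="urn:oasis:names:tc:SAML:1.0:assertion">'
        f'<Subject><NameIdentifier Format="{fmt}"{q}>{name}</NameIdentifier></Subject>'
        '<Attribute AttributeName="affiliation" AttributeNamespace="urn:example:attrs">'
        "<AttributeValue>staff</AttributeValue></Attribute>"
        "</AttributeStatement>"
    )


if __name__ == "__main__":
    a = make_statement("user@example.org", EMAIL, "https://idp-a.example.org")
    b = make_statement("user@example.org", EMAIL)
    print(read_statement(a, "https://idp-a.example.org"))
    print(read_statement(b, "https://idp-b.example.org"))
```

Keying local accounts on the full (qualifier, Format, name) tuple rather than on the bare name keeps the same string asserted by two producers from resolving to one account.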


