OpenSAML user discussion

["Pantvaidya, Vishwajit" <>]

-----Original Message-----
From: Scott Cantor 
[mailto:]
 
Sent: Wednesday, March 18, 2009 12:13 PM
To: 

Subject: RE: [OpenSAML] Handling AttributeStatement content

Pantvaidya, Vishwajit wrote on 2009-03-18:
> Is there any recommended general purpose way to process different
Attribute
> contents and extract the we need from that.

I don't understand the question. If you're dealing with XML, you have access
to the objects that make up the attribute value, and it's up to you to
consume them.

[Pantvaidya, Vishwajit] The scenario is where my system needs to be able to 
authenticate using a preexisting 3rdparty auth server. Typically, my system 
just needs the email attribute. But the auth server is sending a more complex 
object. So in general, I need ability to process arbitrary xml objects and 
extract what I need from them.
I did look this up and it seems that the XmlObject returned is an xmlbeans 
object. So I guess I should be able to use xpath/xquery to do my job.

> Alternatively are there any standards around Attribute content itself that
> we can implement and expect the identifying parties to follow?

Only in specific communities, and much less so with SAML 1.1.

I don't really understand why you're implementing a standard that's been
superseded for nearly 4 years either. When you have to, you have to, but you
don't *just* implement the out of date one.

[Pantvaidya, Vishwajit] That's what we have right now - and I am just 
migrating to OpenSAML. Next thing we will do is add SAML2 support.
 
-- Scott

[Pantvaidya, Vishwajit] Thanks.