shibboleth-dev - attribute URIs
- From: "RL 'Bob' Morgan" <>
- To: Shib Design Team <>
- Cc: Keith Hazelton <>
- Subject: attribute URIs
- Date: Thu, 12 Jun 2003 07:26:11 -0700 (PDT)
OK, here's my (last, I promise) shot at this. Unfortunately I'll be
off-line today, but back this evening PDT.

(Not copying mace-dir list yet ...)

Despite being the one who promoted the XACML document-based approach, upon
reflection I think it just doesn't work. It doesn't even meet a simple
test of non-ambiguity, since multiple IETF docs define (or refer to) the
same attrs, and those attrs may be defined (or referred to) in non-IETF
docs as well. So the text in the XACML spec doesn't guarantee that two
URI-definers will choose the same URI for a given X.500-defined attr. So
you'd need a registry even with that scheme.

So we should just step up and realize we have a registry of attr type
URNs. That registry can put them in:

  urn:mace:dir:attribute-type:<well-known-short-name-of-attr-type>

eg

  urn:mace:dir:attribute-type:eduPersonPrincipalName

or

  urn:mace:dir:attribute-type:cn

and our registry docs can refer to the specs/OIDs/etc on which these are
based, as Walter's doc has started to do. (I could be talked into using
"attr-type" instead of "attribute-type".)

This avoids the "not yet defined in a doc" problem, and lets us register a
URN for anything we want. Obviously these are MACE-specific, but there's
no way around that at this point that I can see, other than urn:oid, which
we find unpalatable. For eduperson attr-types at least, I think it's
consistent with the OID assignment we already do.

Other urn:mace registrants can do the same if they want (eg the Swiss).
Eventually there might be a similar IANA registry (see
draft-mealling-iana-urn-04.txt) corresponding to the LDAP-attr-short-name
registry they already run, but it doesn't exist yet and I wouldn't want to
presume one.

Yes?

- RL "Bob"
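
The registry scheme proposed in the message above, as an added example that is not part of the original post or of any Shibboleth/MACE code: a small registry that mints and resolves `urn:mace:dir:attribute-type:` URNs, fails closed on unregistered names, and checks the non-ambiguity property (one URN per attribute type). The function names, the short-name syntax, the exact-match comparison and the sample registry contents are assumptions made for illustration.

```python
import re

PREFIX = "urn:mace:dir:attribute-type:"
# Assumed short-name syntax: LDAP-style descriptor (letter, then letters/digits/hyphens).
SHORT_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")

# Constructed sample registry: short name -> OID the registration is based on.
SAMPLE_REGISTRY = {
    "eduPersonPrincipalName": "1.3.6.1.4.1.5923.1.1.1.6",
    "cn": "2.5.4.3",
}


def check_registry(registry):
    """Return a list of problems; empty means one URN per attribute type."""
    problems, by_oid, by_folded = [], {}, {}
    for name, oid in registry.items():
        if not SHORT_NAME.fullmatch(name):
            problems.append(f"bad short name: {name!r}")
        # Flag two names for one OID, and names that differ only by case (assumed policy).
        for index, key, what in ((by_oid, oid, "OID"), (by_folded, name.lower(), "name")):
            if key in index:
                problems.append(f"{what} collision: {index[key]!r} and {name!r}")
            index.setdefault(key, name)
    return problems


def to_urn(name, registry=SAMPLE_REGISTRY):
    """Mint the URN for a registered short name; refuse unregistered ones."""
    if name not in registry:
        raise KeyError(f"not registered: {name!r}")
    return PREFIX + name


def resolve(urn, registry=SAMPLE_REGISTRY):
    """Map an attribute-type URN to its OID, failing closed on anything else."""
    if not urn.startswith(PREFIX):
        raise ValueError(f"not an attribute-type URN: {urn!r}")
    name = urn[len(PREFIX):]
    if name not in registry:  # exact match only: no case folding, no guessing
        raise KeyError(f"not registered: {name!r}")
    return registry[name]


if __name__ == "__main__":
    assert check_registry(SAMPLE_REGISTRY) == []
    for short in SAMPLE_REGISTRY:
        print(to_urn(short), "->", resolve(to_urn(short)))
```

A consumer of attribute assertions that resolves names this way rejects look-alike or unregistered URNs rather than treating them as equivalent to a registered attribute.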