Shibboleth Developers

[Keith Hazelton <>]

RL"Bob:"

By your silence, I take it you don't go for the  
urn:mace:dir:eduperson:*   approach for which I tried to make a case:

> The reason I think it's ok to put things like cn and mail under the  
> eduperson arc is because the eduPerson spec points to the relevant  
> defining rfcs or to x.520 if there's no rfc, for each of these person,  
> orgPerson and inetOrgPerson attributes. The eduPerson spec even adds  
> some notes on usage that amount to profiling their use in higher ed  
> within the bounds of the x.520/rfc definitions.

If the eduperson arc is out, how about "*:attribute-name:cn" etc. since  
we seem to agree that what these things like "cn" and "mail" are are  
short names for attribute types (types in the X.520 sense).

             Strawgrasper Keith
__________________________________
On Friday, Jun 13, 2003, at 11:42 America/Chicago, RL 'Bob' Morgan  
wrote:

> On Thu, 12 Jun 2003, Scott Cantor wrote:
>
> > > So we should just step up and realize we have a registry of
> > > attr type URNs.  That registry can put them in:
> > >
> > >   urn:mace:dir:attribute-type:<well-known-short-name-of-attr-type>
> >
> > I really, really don't want to call this attribute-type. It's not a
> > type. It's an attribute. The type is "string", or "integer", or "ASN.1
> > blob in format x". Calling it type will really confuse things because
> > SAML doesn't treat it as a type, and in fact we have to define a type
> > when we send the attributes that isn't the same concept at all.
> >
> > Even LDAP has types, doesn't it? I thought the object class had
> > attributes in it, and those attributes have a type, and a short name,
> > and an OID.
>
> This is just a terminology clash, then.  "Attribute type" is precisely  
> the
> phrase used in X.500 and LDAP for this entity.  X.520 is "Information
> technology   Open Systems Interconnection   The Directory: Selected
> attribute types".  It says, eg, "The Common Name attribute type  
> specifies
> an identifier of an object."  The bare word "attribute" refers to an
> actual instance of the thing that holds the data in an actual  
> directory.
>
> I suppose my intent with "urn:mace:dir:attribute-type:" was to have a  
> URN
> that could refer to both the LDAP-context-defined and
> SAML/XML-context-defined object with the same semantic.  I guess
> "attribute-type" is too overloaded.  Just "attribute" is already
> overloaded of course, since in XML it means something else.  I could  
> live
> with "attribute-def", but of course that means changing things ...
>
>  - RL "Bob"
>
> ------------------------------------------------------mace-shib- 
> design-+
> For list utilities, archives, subscribe, unsubscribe, etc. please  
> visit the
> ListProc web interface at
>
>     http://archives.internet2.edu/
>
> ------------------------------------------------------mace-shib- 
> design--
________________________________________________________
Keith Hazelton                  Senior IT Architect, UW-Madison
(608) 262-0771                  Division of Info. Technology
(608) 877-0977 (home)           1210 W. Dayton St., rm. 2164
http://arch.doit.wisc.edu/keith      Madison, WI  53706

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

   http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--