Shibboleth Developers

["Scott Cantor" <>]

> However, we'd like some guidance on what namespace to use.  The current
> one, urn:mace:shibboleth:1.0:attributeNamespace:uri, is defined, amongst
> other things, to indicate that the attribute name is a URI.  People are
> almost certainly not going to define attributes in their resolver and
> filter policies in URI notation because it's needlessly verbose.  So,
> what namespace should we use?  One option is to use the SAML 2
> "unspecified" URI (this in in fact what we do for SAML 2).

Just to clarify further, what we mean by this is that if you don't tell the
IdP anything about how to treat the attribute in SAML 2, you get the
"unspecified" NameFormat on the wire.

OTOH, when you write mapping rules and actually define SAML 2 wire encoding
rules and so forth, the default is to use the "URI" NameFormat value, to
minimize data entry for people following our "use URIs for names" mantra.

The problem we have is that SAML 1 doesn't allow the Namespace to be omitted
for attributes, and there is no "unspecified" constant to use, so there
isn't an obvious choice to use if no behavior is specified.

-- Scott