On Jan 21, 2008 7:10 PM, Krzysztof Benedyczak <golbi@mat.uni.torun.pl> wrote:
In any case we must clearly define syntax of a group name (e.g. currently our service does allow for ':' in it) and comparison rules (as case sensitiveness).
Why not use the naming and comparison rules of the SAML Basic Attribute? (See sections 8.1.2 and 8.1.2.1 of [SAML2Prof].) No need to reinvent the wheel here. In case of SAML attribute's name you are of course right. But I was thinking about SAML attribute's *value* (group's name in this case).
Right, I know. All I was suggesting is that the same naming and comparison rules could apply in the case of group names. The rules are well defined (in the XML Schema spec) so why not leverage them straightaway (like the SSTC did in the case of Basic Attribute). Tom