On the wire, such an attribute would be formulated as follows: <saml:Attribute xmlns:xacmlprof="urn:oasis:names:tc:SAML:2.0:profiles:attribute:XACML" xmlns:ldapprof="urn:oasis:names:tc:SAML:2.0:profiles:attribute:LDAP" xacmlprof:DataType="http://www.w3.org/2001/XMLSchema#anyURI" ldapprof:Encoding="LDAP" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:1.3.6.1.4.1.5923.1.5.1.1" FriendlyName="isMemberOf"> <saml:AttributeValue xsi:type="xs:anyURI"> group://voservice.uiuc.edu/gisolve.org/uiuc.edu/geog602#student </saml:AttributeValue> </saml:Attribute> Note that the DataType has changed from string to anyURI. Everything else is the same as before. Tom On Feb 5, 2008 6:19 PM, Tom Scavo <trscavo@gmail.com> wrote:
On Feb 5, 2008 6:04 PM, Krzysztof Benedyczak <golbi@mat.uni.torun.pl> wrote:
Okay, let me propose the following compromise:
group://voservice.uiuc.edu/gisolve.org/uiuc.edu/geog602#student
In the case where the voservice is irrelevant or unnecessary, this reduces to
group:///gisolve.org/uiuc.edu/geog602#student
In fact, the syntax is exactly the same as the well-known file: URIs.
What do you think? Is this better?
Definitively.
Okay, great! Somebody should write this up before we change our minds! :-)
however at least partial compatibility with MACE-dir is tempting too - that's why we proposed @ notation.
I think we should give this profile our best shot, and then I'd be happy to carry it forward to MACE-Dir for further discussion.
Sounds good.
Okay, well, rather than wait until we have a document, unless somebody has any objections, I'll go ahead and float some ideas in the MACE-Dir mailing list and see what kind of push back we get.
Tom