On 10/16/06, Valerio Venturi <valerio.venturi@cnaf.infn.it> wrote:
Attribute Authority Interface We've red the OASIS draft that we were pointed to in Washington OGF by Tom Scavo and found it good and detailed. It's pretty much like what we were thinking about, so we dont' think there's need for producing another doc which won't add much. We'll contact Tom with some concerns we have.
We look forward to your feedback regarding this draft document.
VOMS first attribute Frank Siebenlist asked whether it would be possible to add a tag to mark the first of VOMS attributes (both in the context of Attribute Certificates and SAML Assertions) since it had a special semantic. Actually, it is the order of the attributes that is meaningfull in VOMS, not only the first. The voms client indeed have a mean of specyfing the entire order in which attributes appear. In the context of AC, this is not a problem since you can specify order in a ASN.1 SEQUENCE. It is in the context of a SAML Assertion, since despite the fact that most of the parser will return the child elements of AttributeStatement as they appear in the doc, this is not mandatoiry. So we are thinking about how to retain the same behaviour using SAML Assertion.
The ordering of Attribute elements in a SAML AttributeStatement is unspecified. If an ordering is required, a new XML indexing attribute is needed: index="1", index="2", etc. Can you explain why such an ordering is required (or just point me to the relevant document where this is discussed)? Thanks, Tom Scavo NCSA/University of Illinois