common LDAP schemas to draw attribute definitions from

Cantor, Scott cantor.2 at
Tue Jul 2 09:24:02 EDT 2019

On 7/2/19, 9:11 AM, "Boyd, Todd M." <tmboyd1 at> wrote:

> I think it would also help with figuring out what the heck an attribute is for just by looking at it rather than needing to
> decipher a URN OID as Nate hinted at.

That's why SAML has a FriendlyName attribute for debugging and ease of identification.

Documentation is fine, but there is nothing that you can put at a URL that any software would ever have any idea what to do with, and nothing that wouldn't work just as well by defining it separately. The value of a URL to software is that information at the URL can change, but that's anathema to the kind of metadata one would have to associate with attributes, which are practically unchangeable if they're used interoperabilty. That's why we have a million identifiers; all the old ones are frozen technically.

> I believe Microsoft is using URL-based attributes for ADFS/SharePoint/etc., though it's using WS-Fed rather than SAML.

They use both, and WS-Federation is SAML 1.1 with different wrapping paper anyway.

But they made the names up and they have no precise technical definition anywhere that I am aware of. They mean whatever a particular person looking at them thinks they mean.
-- Scott

More information about the users mailing list