BaseID Name Identifiers
Peter Schober
peter.schober at univie.ac.at
Thu May 14 08:58:30 UTC 2020
* Ignacio Amoeiro Bosch <ignacio.amoeiro at extern.ibsalut.es> [2020-05-14 09:10]:
> Does Shibboleth supoprt BaseID Name Identifiers?
Looking at SAML 2.0 core, section 2.2.1:
"The <BaseID> element is an extension point that allows applications
to add new kinds of identifiers. Its BaseIDAbstractType complex type
is abstract and is thus usable only as the base of a derived type."
that doesn't sound to me like you could use that "as is" as there's no
fixed contend model defined. ("usable only as the base of a derived type").
As such I can't imagine any software including "support" for that out
of the box in a meaningful way.
> Or is equivalent to NameID?
No, though NameIDs (and the NameIDType) are based on the abstract
BaseID type, quoting from section 2.2.2:
"The NameIDType complex type is used when an element serves to
represent an entity by a string-valued name. It is a more restricted
form of identifier than the <BaseID> element and is the type
underlying boththe <NameID> and <Issuer> elements."
I.e., NameIDs have string values and are fully defined by SAML core.
BaseIDs have an abstract and complex type, with no standardised
content anyone could implement support for, AFAIU.
-peter
More information about the users
mailing list