BaseID Name Identifiers
peter.schober at univie.ac.at
Thu May 14 08:58:30 UTC 2020
* Ignacio Amoeiro Bosch <ignacio.amoeiro at extern.ibsalut.es> [2020-05-14 09:10]:
> Does Shibboleth supoprt BaseID Name Identifiers?
Looking at SAML 2.0 core, section 2.2.1:
"The <BaseID> element is an extension point that allows applications
to add new kinds of identifiers. Its BaseIDAbstractType complex type
is abstract and is thus usable only as the base of a derived type."
that doesn't sound to me like you could use that "as is" as there's no
fixed contend model defined. ("usable only as the base of a derived type").
As such I can't imagine any software including "support" for that out
of the box in a meaningful way.
> Or is equivalent to NameID?
No, though NameIDs (and the NameIDType) are based on the abstract
BaseID type, quoting from section 2.2.2:
"The NameIDType complex type is used when an element serves to
represent an entity by a string-valued name. It is a more restricted
form of identifier than the <BaseID> element and is the type
underlying boththe <NameID> and <Issuer> elements."
I.e., NameIDs have string values and are fully defined by SAML core.
BaseIDs have an abstract and complex type, with no standardised
content anyone could implement support for, AFAIU.
More information about the users