BaseID Name Identifiers

Peter Schober peter.schober at univie.ac.at
Thu May 14 08:58:30 UTC 2020


* Ignacio Amoeiro Bosch <ignacio.amoeiro at extern.ibsalut.es> [2020-05-14 09:10]:
> Does Shibboleth supoprt BaseID Name Identifiers?

Looking at SAML 2.0 core, section 2.2.1:

  "The <BaseID> element is an extension point that allows applications
  to add new kinds of identifiers. Its BaseIDAbstractType complex type
  is abstract and is thus usable only as the base of a derived type."

that doesn't sound to me like you could use that "as is" as there's no
fixed contend model defined. ("usable only as the base of a derived type").
As such I can't imagine any software including "support" for that out
of the box in a meaningful way.

> Or is equivalent to NameID?

No, though NameIDs (and the NameIDType) are based on the abstract
BaseID type, quoting from section 2.2.2:

  "The NameIDType complex type is used when an element serves to
  represent an entity by a string-valued name. It is a more restricted
  form of identifier than the <BaseID> element and is the type
  underlying boththe <NameID> and <Issuer> elements."

I.e., NameIDs have string values and are fully defined by SAML core.
BaseIDs have an abstract and complex type, with no standardised
content anyone could implement support for, AFAIU.

-peter


More information about the users mailing list