Metadata for SAML 1.1 Web Browser ProfilesDraft 02, 23 April 2003Document identifier:

draft-sstc-saml-meta-data-02

Location:http://www.oasis-open.org/apps/org/workgroup/security/download.php

Editors:Jahan Moreh, Sigaba <jmoreh@sigaba.com>

Contributors:Prateek Mishra, NetegrityJeff Hodges, Sun MicrosystemsCharles Knouse, OblixRob Philpott, RSA

Abstract:The SAML 1.1 web browser profiles require agreement between a source and destination site about metadata in the form of URLs, source and destination IDs, certificate authorities, etc. Liberty 1.2 draft specification includes metadata description and discovery protocols. This document describes the elements and attributes from Liberty 1.2 specification that are used to describe the required metadata for entities using SAML 1.1 browser profiles.

Status:Interim draft. Send comments to the editor.Committee members should send comments on this specification to the security-services@lists.oasis-open.org list. Others should subscribe to and send comments to the security-services-comment@lists.oasis-open.org list. To subscribe, send an email

draft-sstc-saml-meta-data-02 23 April 2003Copyright © OASIS Open 2003. All Rights Reserved. Page 1 of 19

1

2

3

4

56

7

8

910

1112131415

16171819202122

2324252627

12

34567891011121314151617

message to security-services-comment-request@lists.oasis-open.org with the word "subscribe" as the body of the message.For information on whether any patents have been disclosed that may be essential to implementing this specification, and any offers of patent licensing terms, please refer to the Intellectual Property Rights section of the Security Services TC web page (http://www.oasis-open.org/committees/security/).

draft-sstc-saml-meta-data-02 23 April 2003Copyright © OASIS Open 2003. All Rights Reserved. Page 2 of 19

282930313233

1819

202122232425262728293031323334

Table of Contents1 Introduction............................................................................................................................ 4

1.1 Notation................................................................................................................................ 41.2 Trust Model........................................................................................................................... 4

2 Metadata for SAML 1.1 Web Browser Profiles.......................................................................52.1 Schema declaration..............................................................................................................5

2.1.1 Namespaces in metadata..............................................................................................52.1.2 Data type entityIDType............................................................................................62.1.3 Common attributes........................................................................................................62.1.4 Common elements........................................................................................................62.1.5 Base type providerDescriptorType......................................................................72.1.6 Element IDPDescriptor............................................................................................92.1.7 Element SPDescriptor............................................................................................10

2.2 Entity Descriptors...............................................................................................................122.2.1 Element EntityDescriptor....................................................................................12

3 Complete metadata schema................................................................................................134 References........................................................................................................................... 16Appendix A. Revision History........................................................................................................18Appendix B. Notices...................................................................................................................... 19

draft-sstc-saml-meta-data-02 23 April 2003Copyright © OASIS Open 2003. All Rights Reserved. Page 3 of 19

34

353637383940414243444546474849505152

53

3536

373839404142434445464748495051

1 IntroductionThe SAML web browser profiles require agreement between a source and destination site about supported protocols, URL of assertion producers and consumers, source and destination IDs, certificates and keys, and so forth. SAML web browser source and destinations exchange this information via a set of metadata.

Liberty 1.2 draft specification includes metadata description and discovery protocols [libMD]. This document specifies elements and attributes from the Liberty 1.2 draft specification that are used to describe the required metadata for entities using SAML 1.1 browser profiles.

1.1 NotationThe key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this specification are to be interpreted as described in IETF RFC 2119 [RFC2119].

Listings of productions or other normative code appear like this.

Example code listings appear like this.

Note: Non-normative notes and explanations appear like this.

Conventional XML namespace prefixes are used throughout this specification to stand for their respective namespaces as follows, whether or not a namespace declaration is present in the example:The prefix saml: stands for the SAML assertion namespace [SAMLCore].The prefix samlp: stands for the SAML request-response protocol namespace [SAMLCore].The prefix ds: stands for the W3C XML Signature namespace, http://www.w3.org/2000/09/xmldsig# [XMLSig].

1.2 Trust ModelThis documents specifies a single trust model between assertion producers and assertion consumers. This trust model is based on exchanging public keys in the metadata. These public keys are used by assertion consumers to verify assertions that may be signed by assertion producers. Additional trust models and corresponding credentials are beyond the scope of this specification.

draft-sstc-saml-meta-data-02 23 April 2003Copyright © OASIS Open 2003. All Rights Reserved. Page 4 of 19

545556575859606162

6364656667

6869

70

71727374757677

787980818283

5253

545556575859606162636465666768

2 Metadata for SAML 1.1 Web Browser ProfilesThe Liberty metadata discovery protocol provides for real-time exchanges of metadata between providers. SAML 1.1 does not use Liberty’s publishing protocols for real-time exchange of metadata. Rather, SAML source and destination sites must a priori have obtained metadata regarding each other. That is, the protocols for exchanging metadata are outside the scope of this specification.

SAML 1.1 adopts Liberty’s definition as follows: Identity Provider (IDP) means a SAML Browser Profile source. Service Provider (SP) means a SAML Browser Profile destination

The metadata schema in this specifications allows for a single methods of representation. This representation consists of a single document expressing all of the metadata for a single provider identified by one or more providerIDs.

The metadata schema in this specifications does not allow for: A single document describing multiple providers identified by multiple providerIDs, or Multiple documents which individually describe portions of the provider’s metadata.

2.1 Schema declarationThe primary container for a published metadata document is EntityDescriptor. (See 2.2.1for more details) The immediate child node of EntityDescriptor expects one or more of :

IDPDescriptor (see Section 2.1.6 for more details) SPDescriptor (see Section 2.1.7 for more details)

2.1.1 Namespaces in metadataThe SAML metadata structures are modeled after the metadata schema specified by the Liberty Alliance Project (see [libMD] for additional details). The namespaces referenced in [libMD] and used in SAML metadata structures are:ds: is described by the W3C XML signature schemasaml: is described by SAML assertion namespace [SAMLCore]

The namespaces referenced in [libMD] and not used in SAML metadata structures are:isf: the Liberty Services Framework schemapip: the Liberty Personal Information Profile schema

draft-sstc-saml-meta-data-02 23 April 2003Copyright © OASIS Open 2003. All Rights Reserved. Page 5 of 19

84858687888990919293949596979899100101

102103104105106

1071081091101111121131141151161176970

717273747576777879808182838485

The following schema fragment illustrates the use if namespaces in SAML metadata structure.<xs:schema targetNamespace="urn:oasis:names:tc:SAML:1.1:metadata" xmlns="urn:oasis:names:tc:SAML:1.1:metadata " xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:saml="urn:oasis:names:tc:SAML:1.1:assertion">

2.1.2 Data type entityIDType The data type entityIDType is adopted without modification from [libMD]. Basically, entityIDType restricts XML data to a length of 1024 bytes. Within this specification entityIDType is used to provide a unique ID for providers. The schema fragment for entityIDType is:

<xs:simpleType name="entityIDType"> <xs:restriction base="xs:anyURI">  <xs:maxLength id="maxlengid" value="1024" />   <xs:pattern value="" />  </xs:restriction></xs:simpleType>

2.1.3 Common attributesSAML 1.1 metadata specification adopts two common attributes from [libMD]:

providerID of type entityIDType indicates the providerID of the provider, described by the children of the node.

validUntil of type dateTime indicates expiration date and time of the node and its descendants. If dateTime expressions evaluate to nonequivalent values, parsers MUST adhere to the most restrictive valued (i.e., the earliest dateTime).

The schema fragment for providerID and validUnil is:  <xs:attribute name="providerID" type="entityIDType" />   <xs:attribute name="validUntil" type="xs:dateTime" />

2.1.4 Common elementsSAML 1.1 metadata specification adopts common elements from [libMD]as described in the following subsections.

draft-sstc-saml-meta-data-02 23 April 2003Copyright © OASIS Open 2003. All Rights Reserved. Page 6 of 19

118119120121122123124

125126127128129130131132133134135

136137138139140141142143144145146147

148149150

8687

888990919293949596979899100101102

2.1.4.1 Extension elementThe Extension element allows for arbitrary content extensions from other namespaces. The schema fragment for Extension is:

<xs:element name="Extension" type="extensionType" /><xs:complexType name="extensionType"> <xs:sequence >

<xs:any namespace="##other" processContents="lax" maxOccurs="unbounded" />   </xs:sequence></xs:complexType>

2.1.4.2 Organization elementThe Organization element provides some basic information about the provider. The Organization element consists of the following:

Element OrganizationName of type string specifies the organizational name of the provider.

Element OrganizationDisplayName of type string specifies the organizational name of the provider suitable for display.

Element OrganizationURL of type anyURI specifies a URL for the organization and may be used to direct a principal to the provider for additional information.

Element Extension of type extensionType allows for inclusion of additional arbitrary information about the organization.

The schema fragment for Organization is:<xs:element name="Organization" type="organizationType" /> <xs:complexType name="organizationType"><xs:sequence>  <xs:element name="OrganizationName" type="xs:string" />   <xs:element name="OrganizationDisplayName" type="xs:string" />   <xs:element name="OrganizationURL" type="xs:anyURI" />   <xs:element ref="Extension" minOccurs="0" />   </xs:sequence></xs:complexType>

2.1.5 Base type providerDescriptorType The providerDescriptorType generically describes metadata for SAML identity and service providers. The providerDescriptorType is extended by IDPDescriptorType and SPDescriptorType, which further describe specific metadata about identity and service providers respectively (See sections 2.1.6 and 2.1.7for more details).

draft-sstc-saml-meta-data-02 23 April 2003Copyright © OASIS Open 2003. All Rights Reserved. Page 7 of 19

151152153154155156157158159160

161162163164165166167168169170171172173174175176177178179180181

182

183184185186187

103104

105106107108109110111112113114115116117118119

The type providerDescriptorType consists of the following attributes and elements: providerID [required] validUntil [required] protocolSupportEnumeration [required] id [optional] ds:keyInfo [optional] Organization [optional] Extension [optional] ds:Signature [optional]

The schema for providerDescriptorType is:<xs:complexType name="providerDescriptorType"> <xs:sequence>  <xs:element ref="ds:KeyInfo" minOccurs="0" />   <xs:element ref="Organization" minOccurs="0" />   <xs:element ref="Extension" minOccurs="0" />   <xs:element ref="ds:Signature" minOccurs="0" />  </xs:sequence> <xs:attribute ref="providerID" use="required" />  <xs:attribute ref="validUntil" use="required" />  <xs:attribute name="protocolSupportEnumeration" type="xs:NMTOKENS" use="required" /> <xs:attribute name="id" type="xs:ID" use="optional" /></xs:complexType>

2.1.5.1 Attribute providerIDThe attribute providerID specifies a unique ID for the provider. The providerID MUST be unambiguous to the entities that process the metadata (since the providerID is a URI, the designated value should be unambiguous regardless of context).

In case the provider is an Identity Provider, the value of the providerID MUST be the same as the value of the Issuer attribute specified in Section 2.3 of [SAMLCore].

2.1.5.2 Attribute protocolSupportEnumerationThe attribute protocolSupportEnumeration describes the protocol release type of the provider described by providerID. This attribute is of the type NMTOKEN, which allows for the enumeration of a set of SAML protocol releases which the provider MUST support. The data type of the tokens MUST be URNs and the value must be one of the following:

urn:oasis:names:tc:SAML:1.0urn:oasis:names:tc:SAML:1.1

draft-sstc-saml-meta-data-02 23 April 2003Copyright © OASIS Open 2003. All Rights Reserved. Page 8 of 19

188189190191192193194195196197198199200201202203204205206207208209210

211212213214215216217

218219220221222223224

120121

122123124125126127128129130131132133134135136

2.1.5.3 Attribute validUntilThe attribute validUntil indicates the date and time beyond which the metadata can not be guaranteed as being valid. Entities that process a provider’s metadata MUST reject the metadata as stale if the value of this attribute evaluates to a date and time before the current date and time.

2.1.5.4 Attribute idThe attribute id specifies the fragment identifier for the instance node. This attribute is optional, unless the node is being signed. For signed nodes an id attribute MUST be specified.

2.1.5.5 Element ds:keyInfoThe element ds:keyInfo specifies the provider’s public key in a format allowed by [XMLSig]. The provider’s public key is used for verifying signed assertions. As such, it is expected that only Identity Providers will specify this element.

2.1.5.6 Element OrganizationThis element is used to provide information about the provider’s organization. See section 2.1.4.2 for details.

2.1.5.7 Element ExtensionThis element may be used to specify additional metadata about the provider. An entity that does not understand the value of this element SHOULD reject the metadata as unacceptable.

2.1.5.8 Element ds:SignatureA provider may digitally sign its metadata. The element ds:Signature specifies a signature that is conformant with the specification in [XMLSig].

2.1.6 Element IDPDescriptorThe element IDPDescriptor is of type IDPDescriptorType, which extends providerDescriptorType with the following elements:

SoapEndPoint [required] SingleSignonServiceURL [required] SingleSignonProtocolProfile [required]

The schema for IDPDescriptor is:<xs:complexType name="IDPDescriptorType">

draft-sstc-saml-meta-data-02 23 April 2003Copyright © OASIS Open 2003. All Rights Reserved. Page 9 of 19

225226227228

229230231

232233234235

236237238

239240241

242243244

245

246247248249250251252253137138

139140141142143144145146147148149150151152153

<xs:complexContent> <xs:extension base="providerDescriptorType"> <xs:sequence>   <xs:element name="SoapEndpoint" type="xs:anyURI" /> <xs:element name="SingleSignOnServiceURL" type="xs:anyURI" />   <xs:element name="SingleSignOnProtocolProfile" type="xs:anyURI"

maxOccurs="unbounded" />   </xs:sequence>  </xs:extension> </xs:complexContent></xs:complexType>

The element IDPDescriptor does not explicitly contain a SAML Artifact Source ID as specified in Section 4.1.1.8 of SAMLBind. In order to construct the Source ID, providers MUST use the following rules:

Each provider selects the identity provider’s metadata attribute providerID, The provider constructs the Source ID component of the artifact by taking the SHA-1

hash of the metadata attribute providerID, which results in a 20-byte binary value. Note that Source ID value, used to construct the artifact, is not encoded in hexadecimal.

2.1.6.1 Element SoapEndpointThe element SoapEndpoint specifies the URL for the SOAP responder at the identity provider’s site.

2.1.6.2 Element SingleSignOnServiceURLThe element SingleSignOnServiceURL specifies the host and path for the identity provider’s inter-site transfer service (as described in [SAMLBind], sections 4.1.1.3 and 4.2.1.3)

2.1.6.3 Element SingleSignonProtocolProfileThe element SingleSignonProtocolProfile specifies the SAML browser profile(s) supported by the identity provider. Its value MUST be one of the URIs specified in Section 4.1.1.1 or 4.1.2.1 of [SAMLBind]

2.1.7 Element SPDescriptorThe element SPDescriptor is of type SPDescriptorType, which extends providerDescriptorType with the following element:

SingleSignonProtocolProfile [required]

draft-sstc-saml-meta-data-02 23 April 2003Copyright © OASIS Open 2003. All Rights Reserved. Page 10 of 19

254255256257258259260261262263264265266267268269270271272

273274275

276277278

279280281282

283

284285286154155

156157158159160161162163164165166167168169170

AssertionConsumerServiceURL [required]

The schema for SPDescriptor is:<xs:element name=”SPDescriptor” type=”SPDescriptorType” /> <xs:complexType name=”SPDescriptorType”><xs:complexContent><xs:extension base=”providerDescriptorType”> <xs:sequence>

<xs:element name=”AssertionConsumerServiceURL” type="xs:anyURI" minOccurs=”1” maxOccurs=”unbounded” />

<xs:element name=”SingleSignOnProtocolProfile” type=”xs:anyURI” minOccurs=”1” maxOccurs=”unbounded” />

  </xs:sequence>   </xs:extension> </xs:complexContent></xs:complexType>

2.1.7.1 Element AssertionConsumerURLThe element AssertionConsumerURL is a URL consisting of a host name and a path. For service providers that use SAML Browser/Artifact profile, the value of AssertionConsumerURL MUST be set to the artifact receiver host name and path (section 4.1.1.5 of [SAMLBind]).

For service providers that use SAML Browser/POST profile the value of AssertionConsumerURL MUST be set to the assertion consumer host name and path (section 4.1.2.4 of [SAMLBind]).

Service providers that support both SAML Browser/Artifact and Browser/POST profiles SHOULD provide separate SPDescriptors, each having a different providerID and a different AssertionConsumerURL. The two SPDescriptors MAY be encapsulated in a single EntityDescriptor.

2.1.7.2 Element SingleSignonProtocolProfileThe element SingleSignonProtocolProfile specifies the SAML browser profile(s) supported by the service provider. Its value MUST be one of the URIs specified in Section 4.1.1.1 or 4.1.2.1 of [SAMLBind]

draft-sstc-saml-meta-data-02 23 April 2003Copyright © OASIS Open 2003. All Rights Reserved. Page 11 of 19

287288289290291292293294295296297298299300301302303

304305306307308309310311312313314315316

317318319320

171172

173174175176177178179180181182183184185186187

2.2 Entity DescriptorsAn entity descriptor is a container for one or more provider descriptors for a single provider. It is permissible for an entity descriptor to contain more than one descriptor for the same provider. For example, a service provider that supports both Browser/Artifact and Browser/POST profiles may specify its metadata in two service provider descriptors and encapsulate both in a single entity descriptor. However, an entity descriptor MUST NOT contain descriptors from multiple providers.

2.2.1 Element EntityDescriptorThe element EntityDescriptor is a container for one or more provider descriptors. The schema for EntityDescriptor is:

<xs:element name="EntityDescriptor" type="entityDescriptorType" /> <xs:complexType name="entityDescriptorType" mixed="false"> <xs:sequence maxOccurs="unbounded">   <xs:element ref="SPDescriptor" minOccurs="0" />   <xs:element ref="IDPDescriptor" minOccurs="0" /> </xs:sequence></xs:complexType>

draft-sstc-saml-meta-data-02 23 April 2003Copyright © OASIS Open 2003. All Rights Reserved. Page 12 of 19

321322323324325326

327

328329330331332333334335336

337338

188189

190191192193194195196197198199200201202203204

3 Complete metadata schema<?xml version="1.0" encoding="UTF-8" ?>

- <xs:schema targetNamespace="urn:urn:oasis:names:tc:SAML:1.1:metadata" xmlns="urn:oasis:names:tc:SAML:1.1:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:saml="urn:oasis:names:tc:SAML:1.1:assertion" elementFormDefault="qualified" attributeFormDefault="unqualified">- <!-- $Id: draft-sstc-schema-meta-data-02.xsd, version 02 2003/04/23 16:34:09 jmoreh Exp $ Author: Jahan Moreh Last editor: $Author: jmoreh $ $Date: 2003/04/23 16:34:09 $ $Revision: 02 $

  -->   <xs:import namespace="http://www.w3.org/2000/09/xmldsig#"

schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd" />

  <xs:import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="http://www.oasis-open.org/committees/security/docs/cs-sstc-schema-assertion-01.xsd" />

  <xs:include schemaLocation="lib-arch-iwsf-utility.xsd" /> - <xs:simpleType name="entityIDType">- <xs:restriction base="xs:anyURI">  <xs:maxLength id="maxlengid" value="1024" />   <xs:pattern value="" />   </xs:restriction>  </xs:simpleType>

  <xs:attribute name="providerID" type="entityIDType" />   <xs:attribute name="validUntil" type="xs:dateTime" />   <xs:element name="Organization" type="organizationType" /> - <xs:complexType name="organizationType">- <xs:sequence>  <xs:element name="OrganizationName" type="xs:string" />   <xs:element name="OrganizationDisplayName" type="xs:string" />

draft-sstc-saml-meta-data-02 23 April 2003Copyright © OASIS Open 2003. All Rights Reserved. Page 13 of 19

339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375205206

207208209210211212213214215216217218219220221

  <xs:element name="OrganizationURL" type="xs:anyURI" />   <xs:element ref="Extension" minOccurs="0" />   </xs:sequence>  </xs:complexType>

- <xs:complexType name="providerDescriptorType">- <xs:sequence>  <xs:element ref="ds:KeyInfo" minOccurs="0" />   <xs:element name="SoapEndpoint" type="xs:anyURI" minOccurs="0" />   <xs:element ref="Organization" minOccurs="0" />   <xs:element ref="Extension" minOccurs="0" />   <xs:element ref="ds:Signature" minOccurs="0" />   </xs:sequence>

  <xs:attribute ref="providerID" use="required" />   <xs:attribute name="id" type="xs:ID" use="optional" />   <xs:attribute ref="validUntil" use="optional" />   <xs:attribute name="protocolSupportEnumeration" type="xs:NMTOKENS"

use="required" />   </xs:complexType>

  <xs:element name="EntityDescriptor" type="entityDescriptorType" /> - <xs:complexType name="entityDescriptorType" mixed="false">- <xs:sequence maxOccurs="unbounded">  <xs:element ref="SPDescriptor" minOccurs="0" />   <xs:element ref="IDPDescriptor" minOccurs="0" />   </xs:sequence>  </xs:complexType>

  <xs:element name="SPDescriptor" type="SPDescriptorType" /> - <xs:complexType name="SPDescriptorType">- <xs:complexContent>- <xs:extension base="providerDescriptorType">- <xs:sequence>  <xs:element name="AssertionConsumerServiceURL" type="xs:anyURI"

minOccurs="1" maxOccurs="unbounded" />   <xs:element name="SingleSignOnProtocolProfile" type="xs:anyURI"

minOccurs="1" maxOccurs="unbounded" />   </xs:sequence>  </xs:extension>  </xs:complexContent>  </xs:complexType>

  <xs:element name="IDPDescriptor" type="IDPDescriptorType" /> - <xs:complexType name="IDPDescriptorType">

draft-sstc-saml-meta-data-02 23 April 2003Copyright © OASIS Open 2003. All Rights Reserved. Page 14 of 19

376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415222223

224225226227228229230231232233234235236237238

- <xs:complexContent>- <xs:extension base="providerDescriptorType">- <xs:sequence>  <xs:element name="SingleSignOnServiceURL" type="xs:anyURI" />   <xs:element name="SingleSignOnProtocolProfile" type="xs:anyURI"

maxOccurs="unbounded" /> </xs:sequence>

</xs:extension> </xs:complexContent> </xs:complexType> </xs:schema>

draft-sstc-saml-meta-data-02 23 April 2003Copyright © OASIS Open 2003. All Rights Reserved. Page 15 of 19

416417418419420421422423424425426427

239240

241242243244245246247248249250251252253254255

4 References[RFC2119] S. Bradner, Key words for use in RFCs to Indicate

Requirement Levels, http://www.ietf.org/rfc/rfc2119.txt, IETF RFC 2119, March 1997.

[SAMLBind] P. Mishra (Editor), Bindings and Profiles for the OASIS Security Assertion Markup Language (SAML), Committee Specification 01, available from http://www.oasis-open.org/committees/security, OASIS, May 2002.

[SAMLCore] P. Hallam-Baker, P., and E. Maler, (Editors), Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML), Committee Specification 01, available from http://www.oasis-open.org/committees/security, OASIS, May 2002.

[SAMLReqs] D. Platt et al., SAML Requirements and Use Cases, OASIS, December 2001.

[SAMLSecure] Security and Privacy Cpnsiderations for the OASIS Security Assertion Markup Language (SAML), http://www.oasis-open.org/committees/security/docs/cs-sstc-sec-consider-01.doc.

[XMLSig] D. Eastlake et al., XML-Signature Syntax and Processing, http://www.w3.org/TR/xmldsig-core/, World Wide Web Consortium.

[libMD] P. Davis (Editor), Liberty Alliance Project: Metadata description and discovery protocols, DRAFT version: 1.0-06, 13 April 2003.

[LAProtSchema] John D. Beatty, John Kemp, Liberty Protocols and Schemas Specification, Draft Version 1.1-05, November 2002.

draft-sstc-saml-meta-data-02 23 April 2003Copyright © OASIS Open 2003. All Rights Reserved. Page 16 of 19

428

429430431432433434435436437438439440441442443444445446447448449450451452453454455456457

256257

258259260261262263264265266267268269270271272

[SAMLInterOp] Prateek Mishra, Proposed InterOp Scenario for SAML at Catalyst 2002, April 26, 2002, available at http://lists.oasis-open.org/archives/saml-dev/200206/msg00209.html

[SAMLMETA-XSD] draft-sstc-schema-meta-data-02.xsd

draft-sstc-saml-meta-data-02 23 April 2003Copyright © OASIS Open 2003. All Rights Reserved. Page 17 of 19

458459460461462

273274

275276277278279280281282283284285286287288289

Appendix A. Revision HistoryRev Date By Whom Whatwd-00 2002-06-16 Prateek Mishra First draft based on discussion with Jeff

Hodges

01 2003-02-01 Prateek MishraReview from TC

02 2003-04-23 Jahan Moreh Major medications based on Liberty 1.2 Metadata Specification, Draft version 1.0-06

draft-sstc-saml-meta-data-02 23 April 2003Copyright © OASIS Open 2003. All Rights Reserved. Page 18 of 19

463

464465

290291

292293294295296297298299300301302303304305306

Appendix B. NoticesOASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on OASIS's procedures with respect to rights in OASIS specifications can be found at the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification, can be obtained from the OASIS Executive Director.OASIS invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to implement this specification. Please address the information to the OASIS Executive Director.Copyright © OASIS Open 2002. All Rights Reserved.This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself does not be modified in any way, such as by removing the copyright notice or references to OASIS, except as needed for the purpose of developing OASIS specifications, in which case the procedures for copyrights defined in the OASIS Intellectual Property Rights document must be followed, or as required to translate it into languages other than English.The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.This document and the information contained herein is provided on an “AS IS” basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

draft-sstc-saml-meta-data-02 23 April 2003Copyright © OASIS Open 2003. All Rights Reserved. Page 19 of 19

466

467468469470471472473474475476477478479480481482483484485486487488489490491492493494495

307308

309310311312313314315316317318319320321322323