org.openliberty.arisid
Class URIConst
java.lang.Object
org.openliberty.arisid.URIConst
public class URIConst
- extends java.lang.Object
URI identifier constants adapted from OASIS and W3.org.
* saml-core-2.0-os OASIS specification. (C) 15 March 2005, OASIS Open
* XMLSchema, (C)2000-2007, World Wide Web Consortium,
* XACML data types, (C)2004 OASIS Open.
- See Also:
- OASIS saml-core-2.0-os.pdf,
W3C XML Schema,
XACML Specifications
Field Summary
static java.lang.String SAML_NAME_FORMAT_BASIC
    The class of strings acceptable as the attribute name MUST be drawn from the set of values belonging to the primitive type xs:Name. See [SAMLProf] for attribute profiles that make use of this identifier.
static java.lang.String SAML_NAME_FORMAT_UNSPECIFIED
    The interpretation of the attribute name is left to individual implementations.
static java.lang.String SAML_NAME_FORMAT_URI_REFERENCE
    The attribute name follows the convention for URI references [RFC 2396], for example as used in XACML attribute identifiers.
static java.lang.String SAML_NAME_IDENT_CONSENT_EXPLICIT
    Indicates that a principal's consent has been explicitly obtained by the issuer of the message during the action that initiated the message.
static java.lang.String SAML_NAME_IDENT_CONSENT_IMPLICIT
    Indicates that a principal's consent has been implicitly obtained by the issuer of the message during the action that initiated the message, as part of a broader indication of consent.
static java.lang.String SAML_NAME_IDENT_CONSENT_INAPPLICABLE
    Indicates that the issuer of the message does not believe that they need to obtain or report consent.
static java.lang.String SAML_NAME_IDENT_CONSENT_OBTAINED
    Indicates that a principal's consent has been obtained by the issuer of the message.
static java.lang.String SAML_NAME_IDENT_CONSENT_PRIOR
    Indicates that a principal's consent has been obtained by the issuer of the message at some point prior to the action that initiated the message.
static java.lang.String SAML_NAME_IDENT_CONSENT_UNAVAILABLE
    Indicates that the issuer of the message did not obtain consent.
static java.lang.String SAML_NAME_IDENT_CONSENT_UNSPECIFIED
    No claim as to principal consent is being made.
static java.lang.String SAML_NAME_IDENT_EMAIL_ADDRESS
    Indicates that the content of the element is in the form of an email address, specifically "addr-spec" as defined in IETF RFC 2822 [RFC 2822] Section 3.4.1.
static java.lang.String SAML_NAME_IDENT_ENTITY
    Indicates that the content of the element is the identifier of an entity that provides SAML-based services (such as a SAML authority, requester, or responder) or is a participant in SAML profiles (such as a service provider supporting the browser SSO profile).
static java.lang.String SAML_NAME_IDENT_KERBEROS_PRINCIPAL_NAME
    Indicates that the content of the element is in the form of a Kerberos principal name using the format name[/instance]@REALM.
static java.lang.String SAML_NAME_IDENT_PERSISTENT
    Indicates that the content of the element is a persistent opaque identifier for a principal that is specific to an identity provider and a service provider or affiliation of service providers.
static java.lang.String SAML_NAME_IDENT_TRANSIENT
    Indicates that the content of the element is an identifier with transient semantics and SHOULD be treated as an opaque and temporary value by the relying party.
static java.lang.String SAML_NAME_IDENT_UNSPECIFIED
    The interpretation of the content of the element is left to individual implementations.
static java.lang.String SAML_NAME_IDENT_WIN_DOMAIN_QUAL_NAME
    Indicates that the content of the element is a Windows domain qualified name.
static java.lang.String SAML_NAME_IDENT_X509_SUBJECT_NAME
    Indicates that the content of the element is in the form specified for the contents of the <ds:X509SubjectName> element in the XML Signature Recommendation [XMLSig].
static java.lang.String XACML_DnsName
static java.lang.String XACML_IpAddress
static java.lang.String XACML_Rfc822Name
static java.lang.String XACML_X500Name
static java.lang.String XML_AnyURI
static java.lang.String XML_Base64Binary
static java.lang.String XML_Boolean
static java.lang.String XML_Date
static java.lang.String XML_DateTime
static java.lang.String XML_DayTimeDuration
static java.lang.String XML_Double
static java.lang.String XML_HexBinary
static java.lang.String XML_Integer
static java.lang.String XML_String
static java.lang.String XML_Time
static java.lang.String XML_YearMonthDuration
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
XML_String
public static final java.lang.String XML_String
- See Also:
- Constant Field Values
XML_Boolean
public static final java.lang.String XML_Boolean
- See Also:
- Constant Field Values
XML_Integer
public static final java.lang.String XML_Integer
- See Also:
- Constant Field Values
XML_Double
public static final java.lang.String XML_Double
- See Also:
- Constant Field Values
XML_Time
public static final java.lang.String XML_Time
- See Also:
- Constant Field Values
XML_Date
public static final java.lang.String XML_Date
- See Also:
- Constant Field Values
XML_DateTime
public static final java.lang.String XML_DateTime
- See Also:
- Constant Field Values
XML_AnyURI
public static final java.lang.String XML_AnyURI
- See Also:
- Constant Field Values
XML_HexBinary
public static final java.lang.String XML_HexBinary
- See Also:
- Constant Field Values
XML_Base64Binary
public static final java.lang.String XML_Base64Binary
- See Also:
- Constant Field Values
XML_DayTimeDuration
public static final java.lang.String XML_DayTimeDuration
- See Also:
- Constant Field Values
XML_YearMonthDuration
public static final java.lang.String XML_YearMonthDuration
- See Also:
- Constant Field Values
XACML_X500Name
public static final java.lang.String XACML_X500Name
- See Also:
- Constant Field Values
XACML_Rfc822Name
public static final java.lang.String XACML_Rfc822Name
- See Also:
- Constant Field Values
XACML_IpAddress
public static final java.lang.String XACML_IpAddress
- See Also:
- Constant Field Values
XACML_DnsName
public static final java.lang.String XACML_DnsName
- See Also:
- Constant Field Values
SAML_NAME_FORMAT_UNSPECIFIED
public static final java.lang.String SAML_NAME_FORMAT_UNSPECIFIED
- The interpretation of the attribute name is left to individual implementations.
- See Also:
- Constant Field Values
SAML_NAME_FORMAT_URI_REFERENCE
public static final java.lang.String SAML_NAME_FORMAT_URI_REFERENCE
- The attribute name follows the convention for URI references [RFC 2396], for example as used in XACML
attribute identifiers. The interpretation of the URI content or naming scheme is application-specific.
See [SAMLProf] for attribute profiles that make use of this identifier.
- See Also:
- Constant Field Values
SAML_NAME_FORMAT_BASIC
public static final java.lang.String SAML_NAME_FORMAT_BASIC
- The class of strings acceptable as the attribute name MUST be drawn from the set of values belonging to
the primitive type xs:Name. See [SAMLProf] for attribute profiles that make use of this identifier.
- See Also:
- Constant Field Values
SAML_NAME_IDENT_UNSPECIFIED
public static final java.lang.String SAML_NAME_IDENT_UNSPECIFIED
- The interpretation of the content of the element is left to individual implementations.
- See Also:
- Constant Field Values
SAML_NAME_IDENT_EMAIL_ADDRESS
public static final java.lang.String SAML_NAME_IDENT_EMAIL_ADDRESS
- Indicates that the content of the element is in the form of an email address, specifically "addr-spec" as
defined in IETF RFC 2822 [RFC 2822] Section 3.4.1. An addr-spec has the form local-part@domain. Note
that an addr-spec has no phrase (such as a common name) before it, has no comment (text surrounded
in parentheses) after it, and is not surrounded by "<" and ">".
- See Also:
- Constant Field Values
SAML_NAME_IDENT_X509_SUBJECT_NAME
public static final java.lang.String SAML_NAME_IDENT_X509_SUBJECT_NAME
- Indicates that the content of the element is in the form specified for the contents of the
<ds:X509SubjectName> element in the XML Signature Recommendation [XMLSig]. Implementors
should note that the XML Signature specification specifies encoding rules for X.509 subject names that
differ from the rules given in IETF RFC 2253 [RFC 2253].
- See Also:
- Constant Field Values
SAML_NAME_IDENT_WIN_DOMAIN_QUAL_NAME
public static final java.lang.String SAML_NAME_IDENT_WIN_DOMAIN_QUAL_NAME
- Indicates that the content of the element is a Windows domain qualified name. A Windows domain
qualified user name is a string of the form "DomainName\UserName". The domain name and "\" separator
MAY be omitted.
- See Also:
- Constant Field Values
SAML_NAME_IDENT_KERBEROS_PRINCIPAL_NAME
public static final java.lang.String SAML_NAME_IDENT_KERBEROS_PRINCIPAL_NAME
- Indicates that the content of the element is in the form of a Kerberos principal name using the format
name[/instance]@REALM. The syntax, format and characters allowed for the name, instance, and
realm are described in IETF RFC 1510 [RFC 1510].
- See Also:
- Constant Field Values
SAML_NAME_IDENT_ENTITY
public static final java.lang.String SAML_NAME_IDENT_ENTITY
- Indicates that the content of the element is the identifier of an entity that provides SAML-based services
(such as a SAML authority, requester, or responder) or is a participant in SAML profiles (such as a service
provider supporting the browser SSO profile). Such an identifier can be used in the <Issuer> element to
identify the issuer of a SAML request, response, or assertion, or within the <Subject> element to make
assertions about system entities that can issue SAML requests, responses, and assertions. It can also be
used in other elements and attributes whose purpose is to identify a system entity in various protocol
exchanges.
The syntax of such an identifier is a URI of not more than 1024 characters in length. It is
RECOMMENDED that a system entity use a URL containing its own domain name to identify itself.
The NameQualifier, SPNameQualifier, and SPProvidedID attributes MUST be omitted.
- See Also:
- Constant Field Values
SAML_NAME_IDENT_PERSISTENT
public static final java.lang.String SAML_NAME_IDENT_PERSISTENT
- Indicates that the content of the element is a persistent opaque identifier for a principal that is specific to
an identity provider and a service provider or affiliation of service providers. Persistent name identifiers
generated by identity providers MUST be constructed using pseudo-random values that have no
discernible correspondence with the subject's actual identifier (for example, username). The intent is to
create a non-public, pair-wise pseudonym to prevent the discovery of the subject's identity or activities.
Persistent name identifier values MUST NOT exceed a length of 256 characters.
The element's NameQualifier attribute, if present, MUST contain the unique identifier of the identity
provider that generated the identifier (see Section 8.3.6). It MAY be omitted if the value can be derived
from the context of the message containing the element, such as the issuer of a protocol message or an
assertion containing the identifier in its subject. Note that a different system entity might later issue its own
protocol message or assertion containing the identifier; the NameQualifier attribute does not change in
this case, but MUST continue to identify the entity that originally created the identifier (and MUST NOT be
omitted in such a case).
The element's SPNameQualifier attribute, if present, MUST contain the unique identifier of the service
provider or affiliation of providers for whom the identifier was generated (see Section 8.3.6). It MAY be
omitted if the element is contained in a message intended only for consumption directly by the service
provider, and the value would be the unique identifier of that service provider.
The element's SPProvidedID attribute MUST contain the alternative identifier of the principal most
recently set by the service provider or affiliation, if any (see Section 3.6). If no such identifier has been
established, then the attribute MUST be omitted.
Persistent identifiers are intended as a privacy protection mechanism; as such they MUST NOT be shared
in clear text with providers other than the providers that have established the shared identifier.
Furthermore, they MUST NOT appear in log files or similar locations without appropriate controls and
protections. Deployments without such requirements are free to use other kinds of identifiers in their
SAML exchanges, but MUST NOT overload this format with persistent but non-opaque values.
Note also that while persistent identifiers are typically used to reflect an account linking relationship
between a pair of providers, a service provider is not obligated to recognize or make use of the long term
nature of the persistent identifier or establish such a link. Such a "one-sided" relationship is not discernibly
different and does not affect the behavior of the identity provider or any processing rules specific to
persistent identifiers in the protocols defined in this specification.
Finally, note that the NameQualifier and SPNameQualifier attributes indicate directionality of
creation, but not of use. If a persistent identifier is created by a particular identity provider, the
NameQualifier attribute value is permanently established at that time. If a service provider that receives
such an identifier takes on the role of an identity provider and issues its own assertion containing that
identifier, the NameQualifier attribute value does not change (and would of course not be omitted). It
might alternatively choose to create its own persistent identifier to represent the principal and link the two
values. This is a deployment decision.
- See Also:
- Constant Field Values
SAML_NAME_IDENT_TRANSIENT
public static final java.lang.String SAML_NAME_IDENT_TRANSIENT
- Indicates that the content of the element is an identifier with transient semantics and SHOULD be treated
as an opaque and temporary value by the relying party. Transient identifier values MUST be generated in
accordance with the rules for SAML identifiers (see Section 1.3.4), and MUST NOT exceed a length of
256 characters.
The NameQualifier and SPNameQualifier attributes MAY be used to signify that the identifier
represents a transient and temporary pair-wise identifier. In such a case, they MAY be omitted in
accordance with the rules specified in Section 8.3.7.
- See Also:
- Constant Field Values
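The length and attribute rules stated above for the entity, persistent, transient and email address formats can be enforced by a relying party before it acts on a received NameID. The following is an added example, not part of the arisid library: the class NameIdChecks and its check method are hypothetical, and the format URIs are written as literals from saml-core-2.0-os because this page does not show the values behind the URIConst fields.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.List;

/** Added example: relying-party checks on a received NameID (hypothetical class, not part of arisid). */
public class NameIdChecks {
    // Format URIs as defined in saml-core-2.0-os; used as literals because the page
    // does not list the constant values of the corresponding URIConst fields.
    static final String EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
    static final String ENTITY = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity";
    static final String PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
    static final String TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient";

    /** Returns the rule violations for one NameID; a null qualifier argument means "attribute absent". */
    static List<String> check(String format, String value, String nameQualifier,
                              String spNameQualifier, String spProvidedId) {
        List<String> errors = new ArrayList<>();
        switch (format) {
            case PERSISTENT:
            case TRANSIENT:
                if (value.length() > 256) errors.add("value exceeds 256 characters");
                break;
            case ENTITY:
                if (value.length() > 1024) errors.add("entity identifier exceeds 1024 characters");
                try { new URI(value); } catch (URISyntaxException e) { errors.add("not a URI"); }
                if (nameQualifier != null || spNameQualifier != null || spProvidedId != null)
                    errors.add("NameQualifier, SPNameQualifier and SPProvidedID must be omitted");
                break;
            case EMAIL:
                // addr-spec only: no display phrase, no trailing comment, no angle brackets.
                // Simplified shape check, not a full RFC 2822 parser.
                if (!value.matches("[^\\s<>()@]+@[^\\s<>()@]+"))
                    errors.add("not a bare addr-spec (local-part@domain)");
                break;
            default:
                errors.add("format not handled by this example: " + format);
        }
        return errors;
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        System.out.println(check(PERSISTENT, "k3Jq0xV9mZ2pQ7", "https://idp.example.org", null, null));
        System.out.println(check(ENTITY, "https://sp.example.com/saml", "https://idp.example.org", null, null));
        System.out.println(check(EMAIL, "Alice <alice@example.com>", null, null, null));
    }
}
```

A persistent value that passes these checks should still be kept out of plain-text logs, as the SAML_NAME_IDENT_PERSISTENT description requires.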
SAML_NAME_IDENT_CONSENT_UNSPECIFIED
public static final java.lang.String SAML_NAME_IDENT_CONSENT_UNSPECIFIED
- No claim as to principal consent is being made.
- See Also:
- Constant Field Values
SAML_NAME_IDENT_CONSENT_OBTAINED
public static final java.lang.String SAML_NAME_IDENT_CONSENT_OBTAINED
- Indicates that a principal's consent has been obtained by the issuer of the message.
- See Also:
- Constant Field Values
SAML_NAME_IDENT_CONSENT_PRIOR
public static final java.lang.String SAML_NAME_IDENT_CONSENT_PRIOR
- Indicates that a principal's consent has been obtained by the issuer of the message at some point prior to
the action that initiated the message.
- See Also:
- Constant Field Values
SAML_NAME_IDENT_CONSENT_IMPLICIT
public static final java.lang.String SAML_NAME_IDENT_CONSENT_IMPLICIT
- Indicates that a principal's consent has been implicitly obtained by the issuer of the message during the
action that initiated the message, as part of a broader indication of consent. Implicit consent is typically
more proximal to the action in time and presentation than prior consent, such as part of a session of
activities.
- See Also:
- Constant Field Values
SAML_NAME_IDENT_CONSENT_EXPLICIT
public static final java.lang.String SAML_NAME_IDENT_CONSENT_EXPLICIT
- Indicates that a principal's consent has been explicitly obtained by the issuer of the message during the
action that initiated the message.
- See Also:
- Constant Field Values
SAML_NAME_IDENT_CONSENT_UNAVAILABLE
public static final java.lang.String SAML_NAME_IDENT_CONSENT_UNAVAILABLE
- Indicates that the issuer of the message did not obtain consent.
- See Also:
- Constant Field Values
SAML_NAME_IDENT_CONSENT_INAPPLICABLE
public static final java.lang.String SAML_NAME_IDENT_CONSENT_INAPPLICABLE
- Indicates that the issuer of the message does not believe that they need to obtain or report consent.
- See Also:
- Constant Field Values
URIConst
public URIConst()