Project Aristotle - ArisID Attribute Services

org.openliberty.arisid
Class URIConst

java.lang.Object
  extended by org.openliberty.arisid.URIConst

public class URIConst
extends java.lang.Object

URI identifier constants adapted from OASIS and W3.org: saml-core-2.0-os OASIS specification, (C) 15 March 2005, OASIS Open; XMLSchema, (C) 2000-2007, World Wide Web Consortium; XACML data types, (C) 2004 OASIS Open.

See Also:
OASIS saml-core-2.0-os.pdf, W3C XML Schema, XACML Specifications

Field Summary
static java.lang.String SAML_NAME_FORMAT_BASIC
          The class of strings acceptable as the attribute name MUST be drawn from the set of values belonging to the primitive type xs:Name.
static java.lang.String SAML_NAME_FORMAT_UNSPECIFIED
          The interpretation of the attribute name is left to individual implementations.
static java.lang.String SAML_NAME_FORMAT_URI_REFERENCE
          The attribute name follows the convention for URI references [RFC 2396], for example as used in XACML attribute identifiers.
static java.lang.String SAML_NAME_IDENT_CONSENT_EXPLICIT
          Indicates that a principal's consent has been explicitly obtained by the issuer of the message during the action that initiated the message.
static java.lang.String SAML_NAME_IDENT_CONSENT_IMPLICIT
          Indicates that a principal's consent has been implicitly obtained by the issuer of the message during the action that initiated the message, as part of a broader indication of consent.
static java.lang.String SAML_NAME_IDENT_CONSENT_INAPPLICABLE
          Indicates that the issuer of the message does not believe that they need to obtain or report consent.
static java.lang.String SAML_NAME_IDENT_CONSENT_OBTAINED
          Indicates that a principal's consent has been obtained by the issuer of the message.
static java.lang.String SAML_NAME_IDENT_CONSENT_PRIOR
          Indicates that a principal's consent has been obtained by the issuer of the message at some point prior to the action that initiated the message.
static java.lang.String SAML_NAME_IDENT_CONSENT_UNAVAILABLE
          Indicates that the issuer of the message did not obtain consent.
static java.lang.String SAML_NAME_IDENT_CONSENT_UNSPECIFIED
          No claim as to principal consent is being made.
static java.lang.String SAML_NAME_IDENT_EMAIL_ADDRESS
          Indicates that the content of the element is in the form of an email address, specifically "addr-spec" as defined in IETF RFC 2822 [RFC 2822] Section 3.4.1.
static java.lang.String SAML_NAME_IDENT_ENTITY
          Indicates that the content of the element is the identifier of an entity that provides SAML-based services (such as a SAML authority, requester, or responder) or is a participant in SAML profiles (such as a service provider supporting the browser SSO profile).
static java.lang.String SAML_NAME_IDENT_KERBEROS_PRINCIPAL_NAME
          Indicates that the content of the element is in the form of a Kerberos principal name using the format name[/instance]@REALM.
static java.lang.String SAML_NAME_IDENT_PERSISTENT
          Indicates that the content of the element is a persistent opaque identifier for a principal that is specific to an identity provider and a service provider or affiliation of service providers.
static java.lang.String SAML_NAME_IDENT_TRANSIENT
          Indicates that the content of the element is an identifier with transient semantics and SHOULD be treated as an opaque and temporary value by the relying party.
static java.lang.String SAML_NAME_IDENT_UNSPECIFIED
          The interpretation of the content of the element is left to individual implementations.
static java.lang.String SAML_NAME_IDENT_WIN_DOMAIN_QUAL_NAME
          Indicates that the content of the element is a Windows domain qualified name.
static java.lang.String SAML_NAME_IDENT_X509_SUBJECT_NAME
          Indicates that the content of the element is in the form specified for the contents of the element in the XML Signature Recommendation [XMLSig].
static java.lang.String XACML_DnsName
           
static java.lang.String XACML_IpAddress
           
static java.lang.String XACML_Rfc822Name
           
static java.lang.String XACML_X500Name
           
static java.lang.String XML_AnyURI
           
static java.lang.String XML_Base64Binary
           
static java.lang.String XML_Boolean
           
static java.lang.String XML_Date
           
static java.lang.String XML_DateTime
           
static java.lang.String XML_DayTimeDuration
           
static java.lang.String XML_Double
           
static java.lang.String XML_HexBinary
           
static java.lang.String XML_Integer
           
static java.lang.String XML_String
           
static java.lang.String XML_Time
           
static java.lang.String XML_YearMonthDuration
           
 
Constructor Summary
URIConst()
           
 
Method Summary
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

XML_String

public static final java.lang.String XML_String
See Also:
Constant Field Values

XML_Boolean

public static final java.lang.String XML_Boolean
See Also:
Constant Field Values

XML_Integer

public static final java.lang.String XML_Integer
See Also:
Constant Field Values

XML_Double

public static final java.lang.String XML_Double
See Also:
Constant Field Values

XML_Time

public static final java.lang.String XML_Time
See Also:
Constant Field Values

XML_Date

public static final java.lang.String XML_Date
See Also:
Constant Field Values

XML_DateTime

public static final java.lang.String XML_DateTime
See Also:
Constant Field Values

XML_AnyURI

public static final java.lang.String XML_AnyURI
See Also:
Constant Field Values

XML_HexBinary

public static final java.lang.String XML_HexBinary
See Also:
Constant Field Values

XML_Base64Binary

public static final java.lang.String XML_Base64Binary
See Also:
Constant Field Values

XML_DayTimeDuration

public static final java.lang.String XML_DayTimeDuration
See Also:
Constant Field Values

XML_YearMonthDuration

public static final java.lang.String XML_YearMonthDuration
See Also:
Constant Field Values

XACML_X500Name

public static final java.lang.String XACML_X500Name
See Also:
Constant Field Values

XACML_Rfc822Name

public static final java.lang.String XACML_Rfc822Name
See Also:
Constant Field Values

XACML_IpAddress

public static final java.lang.String XACML_IpAddress
See Also:
Constant Field Values

XACML_DnsName

public static final java.lang.String XACML_DnsName
See Also:
Constant Field Values

SAML_NAME_FORMAT_UNSPECIFIED

public static final java.lang.String SAML_NAME_FORMAT_UNSPECIFIED
The interpretation of the attribute name is left to individual implementations.

See Also:
Constant Field Values

SAML_NAME_FORMAT_URI_REFERENCE

public static final java.lang.String SAML_NAME_FORMAT_URI_REFERENCE
The attribute name follows the convention for URI references [RFC 2396], for example as used in XACML attribute identifiers. The interpretation of the URI content or naming scheme is application-specific. See [SAMLProf] for attribute profiles that make use of this identifier.

See Also:
Constant Field Values

SAML_NAME_FORMAT_BASIC

public static final java.lang.String SAML_NAME_FORMAT_BASIC
The class of strings acceptable as the attribute name MUST be drawn from the set of values belonging to the primitive type xs:Name. See [SAMLProf] for attribute profiles that make use of this identifier.

See Also:
Constant Field Values

SAML_NAME_IDENT_UNSPECIFIED

public static final java.lang.String SAML_NAME_IDENT_UNSPECIFIED
The interpretation of the content of the element is left to individual implementations.

See Also:
Constant Field Values

SAML_NAME_IDENT_EMAIL_ADDRESS

public static final java.lang.String SAML_NAME_IDENT_EMAIL_ADDRESS
Indicates that the content of the element is in the form of an email address, specifically "addr-spec" as defined in IETF RFC 2822 [RFC 2822] Section 3.4.1. An addr-spec has the form local-part@domain. Note that an addr-spec has no phrase (such as a common name) before it, has no comment (text surrounded in parentheses) after it, and is not surrounded by "<" and ">".

See Also:
Constant Field Values

SAML_NAME_IDENT_X509_SUBJECT_NAME

public static final java.lang.String SAML_NAME_IDENT_X509_SUBJECT_NAME
Indicates that the content of the element is in the form specified for the contents of the element in the XML Signature Recommendation [XMLSig]. Implementors should note that the XML Signature specification specifies encoding rules for X.509 subject names that differ from the rules given in IETF RFC 2253 [RFC 2253].

See Also:
Constant Field Values

SAML_NAME_IDENT_WIN_DOMAIN_QUAL_NAME

public static final java.lang.String SAML_NAME_IDENT_WIN_DOMAIN_QUAL_NAME
Indicates that the content of the element is a Windows domain qualified name. A Windows domain qualified user name is a string of the form "DomainName\UserName". The domain name and "\" separator MAY be omitted.

See Also:
Constant Field Values

SAML_NAME_IDENT_KERBEROS_PRINCIPAL_NAME

public static final java.lang.String SAML_NAME_IDENT_KERBEROS_PRINCIPAL_NAME
Indicates that the content of the element is in the form of a Kerberos principal name using the format name[/instance]@REALM. The syntax, format and characters allowed for the name, instance, and realm are described in IETF RFC 1510 [RFC 1510].

See Also:
Constant Field Values

SAML_NAME_IDENT_ENTITY

public static final java.lang.String SAML_NAME_IDENT_ENTITY
Indicates that the content of the element is the identifier of an entity that provides SAML-based services (such as a SAML authority, requester, or responder) or is a participant in SAML profiles (such as a service provider supporting the browser SSO profile). Such an identifier can be used in the element to identify the issuer of a SAML request, response, or assertion, or within the element to make assertions about system entities that can issue SAML requests, responses, and assertions. It can also be used in other elements and attributes whose purpose is to identify a system entity in various protocol exchanges. The syntax of such an identifier is a URI of not more than 1024 characters in length. It is RECOMMENDED that a system entity use a URL containing its own domain name to identify itself. The NameQualifier, SPNameQualifier, and SPProvidedID attributes MUST be omitted.

See Also:
Constant Field Values

SAML_NAME_IDENT_PERSISTENT

public static final java.lang.String SAML_NAME_IDENT_PERSISTENT
Indicates that the content of the element is a persistent opaque identifier for a principal that is specific to an identity provider and a service provider or affiliation of service providers. Persistent name identifiers generated by identity providers MUST be constructed using pseudo-random values that have no discernible correspondence with the subject's actual identifier (for example, username). The intent is to create a non-public, pair-wise pseudonym to prevent the discovery of the subject's identity or activities. Persistent name identifier values MUST NOT exceed a length of 256 characters.

The element's NameQualifier attribute, if present, MUST contain the unique identifier of the identity provider that generated the identifier (see Section 8.3.6). It MAY be omitted if the value can be derived from the context of the message containing the element, such as the issuer of a protocol message or an assertion containing the identifier in its subject. Note that a different system entity might later issue its own protocol message or assertion containing the identifier; the NameQualifier attribute does not change in this case, but MUST continue to identify the entity that originally created the identifier (and MUST NOT be omitted in such a case).

The element's SPNameQualifier attribute, if present, MUST contain the unique identifier of the service provider or affiliation of providers for whom the identifier was generated (see Section 8.3.6). It MAY be omitted if the element is contained in a message intended only for consumption directly by the service provider, and the value would be the unique identifier of that service provider.

The element's SPProvidedID attribute MUST contain the alternative identifier of the principal most recently set by the service provider or affiliation, if any (see Section 3.6). If no such identifier has been established, then the attribute MUST be omitted.

Persistent identifiers are intended as a privacy protection mechanism; as such they MUST NOT be shared in clear text with providers other than the providers that have established the shared identifier. Furthermore, they MUST NOT appear in log files or similar locations without appropriate controls and protections. Deployments without such requirements are free to use other kinds of identifiers in their SAML exchanges, but MUST NOT overload this format with persistent but non-opaque values.

Note also that while persistent identifiers are typically used to reflect an account linking relationship between a pair of providers, a service provider is not obligated to recognize or make use of the long term nature of the persistent identifier or establish such a link. Such a "one-sided" relationship is not discernibly different and does not affect the behavior of the identity provider or any processing rules specific to persistent identifiers in the protocols defined in this specification.

Finally, note that the NameQualifier and SPNameQualifier attributes indicate directionality of creation, but not of use. If a persistent identifier is created by a particular identity provider, the NameQualifier attribute value is permanently established at that time. If a service provider that receives such an identifier takes on the role of an identity provider and issues its own assertion containing that identifier, the NameQualifier attribute value does not change (and would of course not be omitted). It might alternatively choose to create its own persistent identifier to represent the principal and link the two values. This is a deployment decision.

See Also:
Constant Field Values

SAML_NAME_IDENT_TRANSIENT

public static final java.lang.String SAML_NAME_IDENT_TRANSIENT
Indicates that the content of the element is an identifier with transient semantics and SHOULD be treated as an opaque and temporary value by the relying party. Transient identifier values MUST be generated in accordance with the rules for SAML identifiers (see Section 1.3.4), and MUST NOT exceed a length of 256 characters. The NameQualifier and SPNameQualifier attributes MAY be used to signify that the identifier represents a transient and temporary pair-wise identifier. In such a case, they MAY be omitted in accordance with the rules specified in Section 8.3.7.

See Also:
Constant Field Values
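
The per-format rules stated above for the email, entity, persistent and transient identifiers can be checked by a relying party before it accepts a NameID. The following is an added example, not part of the ArisID API: the class NameIdCheck and its reject method are hypothetical, and the format URNs are written out from saml-core-2.0-os rather than read from URIConst, whose constant values are not shown on this page. It assumes a relying party that accepts only these four formats.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Optional;

/** Hypothetical helper (not part of ArisID): checks a NameID against the per-format rules quoted above. */
public final class NameIdCheck {
    // Format URNs from saml-core-2.0-os; assumed, not verified, to equal the URIConst values.
    static final String EMAIL      = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
    static final String ENTITY     = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity";
    static final String PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
    static final String TRANSIENT  = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient";

    /** Returns a rejection reason, or empty if the value satisfies the rules for its format. */
    static Optional<String> reject(String format, String value, String nameQualifier,
                                   String spNameQualifier, String spProvidedId) {
        if (format == null || value == null || value.isEmpty())
            return Optional.of("missing format or value");
        switch (format) {
            case EMAIL:
                // Conservative approximation of addr-spec: local-part@domain with no
                // phrase before it, no (comment) after it, and no surrounding < >.
                if (!value.matches("[^\\s<>()@]+@[^\\s<>()@]+"))
                    return Optional.of("not a bare addr-spec");
                break;
            case ENTITY:
                if (value.length() > 1024)
                    return Optional.of("entity identifier exceeds 1024 characters");
                if (nameQualifier != null || spNameQualifier != null || spProvidedId != null)
                    return Optional.of("qualifier attributes must be omitted for entity format");
                try { new URI(value); }
                catch (URISyntaxException e) { return Optional.of("entity identifier is not a URI"); }
                break;
            case PERSISTENT:
            case TRANSIENT:
                if (value.length() > 256)
                    return Optional.of("identifier exceeds 256 characters");
                break;
            default: // assumption: any other format is refused by this relying party
                return Optional.of("format not accepted");
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample inputs; only the verdict is printed, never the identifier itself.
        System.out.println(reject(EMAIL, "Alice <alice@example.org>", null, null, null));
        System.out.println(reject(ENTITY, "https://idp.example.org/saml", "https://idp.example.org", null, null));
        System.out.println(reject(PERSISTENT, "x".repeat(257), null, null, null));
        System.out.println(reject(TRANSIENT, "_a1b2c3d4e5f6", null, null, null));
    }
}
```

The length and attribute checks do not establish that a persistent value is pseudo-random or pair-wise; that property is the identity provider's responsibility and cannot be verified from the value alone.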

SAML_NAME_IDENT_CONSENT_UNSPECIFIED

public static final java.lang.String SAML_NAME_IDENT_CONSENT_UNSPECIFIED
No claim as to principal consent is being made.

See Also:
Constant Field Values

SAML_NAME_IDENT_CONSENT_OBTAINED

public static final java.lang.String SAML_NAME_IDENT_CONSENT_OBTAINED
Indicates that a principal's consent has been obtained by the issuer of the message.

See Also:
Constant Field Values

SAML_NAME_IDENT_CONSENT_PRIOR

public static final java.lang.String SAML_NAME_IDENT_CONSENT_PRIOR
Indicates that a principal's consent has been obtained by the issuer of the message at some point prior to the action that initiated the message.

See Also:
Constant Field Values

SAML_NAME_IDENT_CONSENT_IMPLICIT

public static final java.lang.String SAML_NAME_IDENT_CONSENT_IMPLICIT
Indicates that a principal's consent has been implicitly obtained by the issuer of the message during the action that initiated the message, as part of a broader indication of consent. Implicit consent is typically more proximal to the action in time and presentation than prior consent, such as part of a session of activities.

See Also:
Constant Field Values

SAML_NAME_IDENT_CONSENT_EXPLICIT

public static final java.lang.String SAML_NAME_IDENT_CONSENT_EXPLICIT
Indicates that a principal's consent has been explicitly obtained by the issuer of the message during the action that initiated the message.

See Also:
Constant Field Values

SAML_NAME_IDENT_CONSENT_UNAVAILABLE

public static final java.lang.String SAML_NAME_IDENT_CONSENT_UNAVAILABLE
Indicates that the issuer of the message did not obtain consent.

See Also:
Constant Field Values

SAML_NAME_IDENT_CONSENT_INAPPLICABLE

public static final java.lang.String SAML_NAME_IDENT_CONSENT_INAPPLICABLE
Indicates that the issuer of the message does not believe that they need to obtain or report consent.

See Also:
Constant Field Values
Constructor Detail

URIConst

public URIConst()

OpenLiberty.org - Licensed under Apache APL 2.0