Re: [plasma] GetRoleToken or GetRoleTokens?

Ed Simon <> Sat, 10 November 2012 14:50 UTC


OK, but the schema does not cover many of the naming issues such as when the PLASMA schema references external schemas (such as SAML, XACML, etc.) and the specification, but not the schema, requires certain values to be used in those external structures.

For Alan's question, the question is what should be the value of the XACML action-id attribute; that is not specified in the schema (unless I missed it, though I agree the PLASMA-specific <GetCMSToken> element is).

For my question about the XACML <Attributes> category for PLASMA data, that also is not defined in the PLASMA schema, correct?

From: [] on behalf of Jim Schaad []
Sent: Thursday, November 08, 2012 10:13
To: 'Alan Borland';
Subject: Re: [plasma] GetRoleToken or GetRoleTokens?

One should always use the schema as the authoritative space for names. I don’t always manage to schema-check the examples before publishing the document, as I don’t have a command-line schema checker like I do for ASN.1.

Let me know when text and schema disagree on the names.


From: [] On Behalf Of Alan Borland
Sent: Thursday, November 08, 2012 6:46 AM
Subject: [plasma] GetRoleToken or GetRoleTokens?

In draft-schaad-plasma-service-03:

- Section 7.1 uses 'GetRoleToken'

- Appendix B uses 'GetRoleTokens'

For our prototyping exercise we have been using 'GetRoleToken'