saml-dev message



Subject: RE: [saml-dev] Urgent: SAML NS declaration in SOAP-ENV or self contained?


 
Sorry to butt in, I'm not a SAML expert and I don't even pretend to play one on TV :-) but...
 
This does not seem like a SAML issue, but rather a generic XML / namespace usage issue.
 
Whenever you remove a document subset (XML element and its children) from the parent document, where namespaces/prefixes used in the child/subset are only defined at the root document element, you must copy namespace declarations from the original parent/root to the new (previously child/subset element like your Response element in the samlp namespace) element that will become the new document root for the document you're going to pass on to others... (unless the XML processing infrastructure you're using does that for you when you extract it from the original document, which is not likely in many cases)...
 
I would assume you'd need to support both, since both appear to be legal XML.
-----Original Message-----
From: Mingde Xu [mailto:mxu@crosslogix.com]
Sent: Thursday, July 11, 2002 1:34 PM
To: 'saml-dev@lists.oasis-open.org'
Subject: [saml-dev] Urgent: SAML NS declaration in SOAP-ENV or self contained?

We ran into one problem during internet testing using the samlp and saml namespace (NS) declaration in the SAML request and response. Can someone clarify it, because it may cause problems at Interop? The SAML processing routines would have problems in understanding the (2) kind of NS declaration.

There are two ways of declaring the NS:

1. declaration at the SAML level - NS is self-contained within SAML
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
   <SOAP-ENV:Header> ...</SOAP-ENV:Header>
   <SOAP-ENV:Body>
      <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ResponseID="id" ...> .....
      </samlp:Response>
   </SOAP-ENV:Body>
   ...
</SOAP-ENV:Envelope>

2. declaration at the SOAP level
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
   <SOAP-ENV:Header> ...</SOAP-ENV:Header>
   <SOAP-ENV:Body>
      <samlp:Response ResponseID="id" ...> .....
      </samlp:Response>
   </SOAP-ENV:Body>
   ...
</SOAP-ENV:Envelope>

With (1), SOAP carrier can just pass the samlp:Response to the SAML processing module.
With (2), SAML processing module has to process the whole SOAP message.

Which way (or both) should one support?
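
The point made in the reply, shown as an added example that is not part of the original thread: with form (2), a subtree serialized on its own loses the declarations it inherited from the Envelope, so they have to be copied onto the new root. The function names and the sample envelope (form (2) with a placeholder Assertion in place of the elided content) are constructed for illustration.

```python
from xml.dom import minidom

XMLNS_NS = "http://www.w3.org/2000/xmlns/"
SAMLP_NS = "urn:oasis:names:tc:SAML:1.0:protocol"

# Constructed sample: form (2), every prefix declared on the Envelope only.
ENVELOPE = """<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <SOAP-ENV:Body>
    <samlp:Response ResponseID="id">
      <saml:Assertion AssertionID="a1"/>
    </samlp:Response>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>"""


def in_scope_namespaces(element):
    """Map prefix -> URI for every declaration visible at `element`.
    The nearest declaration wins; the default namespace is keyed by ''."""
    scope = {}
    node = element
    while node is not None and node.nodeType == node.ELEMENT_NODE:
        attrs = node.attributes
        for i in range(attrs.length):
            attr = attrs.item(i)
            if attr.name == "xmlns":
                scope.setdefault("", attr.value)
            elif attr.name.startswith("xmlns:"):
                scope.setdefault(attr.name[len("xmlns:"):], attr.value)
        node = node.parentNode
    return scope


def extract_standalone(envelope_xml, ns, local_name):
    """Return (naive, fixed) serializations of the first matching element."""
    doc = minidom.parseString(envelope_xml)
    element = doc.getElementsByTagNameNS(ns, local_name)[0]
    naive = element.toxml()  # minidom does not emit inherited declarations
    for prefix, uri in in_scope_namespaces(element).items():
        name = "xmlns:" + prefix if prefix else "xmlns"
        element.setAttributeNS(XMLNS_NS, name, uri)
    return naive, element.toxml()


if __name__ == "__main__":
    naive, fixed = extract_standalone(ENVELOPE, SAMLP_NS, "Response")
    print("naive:", naive.split(">")[0] + ">")
    print("fixed:", fixed.split(">")[0] + ">")
```

The naive output fails to parse in a namespace-aware parser because its prefixes are unbound; the fixed output parses as a standalone document whose root is in the samlp namespace.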


