
saml-dev message



Subject: RE: [security-services] RE: [saml-dev] ACTION-ITEM: Addition of ID attributes to SAML 1.0 elements in SAML 1.1


I certainly agree with Scott's statement. I was merely observing that a
significant number of implementations do not use schema validation.

Jahan

----------------
Jahan Moreh
Chief Security Architect
310.286.3070

> -----Original Message-----
> From: Philpott, Robert [mailto:rphilpott@rsasecurity.com]
> Sent: Tuesday, April 01, 2003 12:53 PM
> To: 'Scott Cantor'; 'jmoreh@sigaba.com';
> 'saml-dev@lists.oasis-open.org';
> 'security-services@lists.oasis-open.org'
> Subject: RE: [security-services] RE: [saml-dev] ACTION-ITEM: Addition of
> ID attributes to SAML 1.0 elements in SAML 1.1
>
>
> Definitely gotta' agree with Scott on this one. Seems a bit risky to me to
> permit schema-invalid documents to be processed by a security system...
>
> Rob Philpott
> RSA Security Inc.
> The Most Trusted Name in e-Security
> Tel: 781-515-7115
> Mobile: 617-510-0893
> Fax: 781-515-7020
> mailto:rphilpott@rsasecurity.com
>
>
> > -----Original Message-----
> > From: Scott Cantor [mailto:cantor.2@osu.edu]
> > Sent: Monday, March 31, 2003 7:37 PM
> > To: jmoreh@sigaba.com; saml-dev@lists.oasis-open.org;
> > security-services@lists.oasis-open.org
> > Subject: RE: [security-services] RE: [saml-dev] ACTION-ITEM: Addition of
> > ID attributes to SAML 1.0 elements in SAML 1.1
> >
> > > Lastly, based on very informal statistics (i.e., my own experience) not
> > > too many people actually turn on schema validation.
> >
> > This turns out to be a fairly contentious issue. My polling runs about 50-50,
> > with people on both sides very surprised that their position isn't considered
> > "obvious common sense".
> >
> > FWIW, I validate, and don't find XML to be of much value in implementing
> > something like SAML if I don't.
> >
> > But that's why the idea of changing a published schema w/o changing the
> > namespace causes so much debate.
> >
> > -- Scott
>

