[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] RE: [saml-dev] ACTION-ITEM: Addition of ID attributes to SAML 1.0 elements in SAML 1.1
I certainly agree with Scott's statement. I was merely observing that a significant number of implementations do not use schema validation. Jahan ---------------- Jahan Moreh Chief Security Architect 310.286.3070 > -----Original Message----- > From: Philpott, Robert [mailto:rphilpott@rsasecurity.com] > Sent: Tuesday, April 01, 2003 12:53 PM > To: 'Scott Cantor'; 'jmoreh@sigaba.com'; > 'saml-dev@lists.oasis-open.org'; > 'security-services@lists.oasis-open.org' > Subject: RE: [security-services] RE: [saml-dev] ACTION-ITEM: Addition of > ID attributes to SAML 1.0 elements in SAML 1.1 > > > Definitely gotta' agree with Scott on this one. Seems a bit risky to me to > permit schema-invalid documents to be processed by a security system... > > Rob Philpott > RSA Security Inc. > The Most Trusted Name in e-Security > Tel: 781-515-7115 > Mobile: 617-510-0893 > Fax: 781-515-7020 > mailto:rphilpott@rsasecurity.com > > > > -----Original Message----- > > From: Scott Cantor [mailto:cantor.2@osu.edu] > > Sent: Monday, March 31, 2003 7:37 PM > > To: jmoreh@sigaba.com; saml-dev@lists.oasis-open.org; security- > > services@lists.oasis-open.org > > Subject: RE: [security-services] RE: [saml-dev] ACTION-ITEM: Addition of > > ID attributes to SAML 1.0 elements in SAML 1.1 > > > > > Lastly, based on a very informal statistics (i.e., my own experience) > > not > > > too many people actually turn on schema validation. > > > > This turns out to be a fairly contentious issue. My polling > runs about 50- > > 50, with people on both sides very surprised that their > > position isn't considered "obvious common sense". > > > > FWIW, I validate, and don't find XML to be of much value in implementing > > something like SAML if I don't. > > > > But that's why the idea of changing a published schema w/o changing the > > namespace causes so much debate. > > > > -- Scott >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]