OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: [security-services] Thoughts wrt draft-sstc-saml-issues-status-01


It's "like" an XML namespace, but XML namespaces have distinct partitions 
(symbol spaces over which the values must be unique: elements, global 
attributes, and local-attributes-per-element), and these partitions don't 
include attribute values.

Blood has practically been spilled over the question of namespace prefixes 
in attribute values.  This is yet another issue of the same ilk.  I'd 
rather not put SAML in a position of defending a position on namespaces -- 
that its "namespaces" are true XML namespaces -- that is technically and 
philosophically this messy...

That said, as long as we keep our definitions straight and remember the 
distinction between SAML namespaces and XML namespaces, I'm not going to go 
to the mat to change our current design.

         Eve

At 11:05 PM 1/29/02 -0500, Scott Cantor wrote:
> > I added prose in core 1.3.2, and also added a definition of
> > "XML namespace" to the glossary, to try to explain away the "SAML
> > namespace" vs. "XML namespace" distinction, but it's pretty awkward
>and
> > confusing.
>
>I just re-read 1.3.2 to refresh my memory. I have this urge to say
>something like "if an XML namespace falls in the forest, does it make a
>sound?". The following may sound weird, but bear with me for a sec...
>
>I asked Irving last Friday when a URI reference "becomes" an XML
>namespace identifier (his answer being when it's used as one in an XML
>instance). I'm not sure I totally agree, in the sense that I feel like a
>namespace can have an identity apart from its first use in XML.
>
>Schema didn't exist when namespaces were proposed, so it's fair to say
>that you don't need a schema, or by extension specific elements and
>attributes before you can say "I have a namespace here". IOW, the
>namespace comes before the names it contains.
>
>By this thinking, first you say "here's a URI for this namespace of
>mine" and *then* you stick into XML for the first time.
>
>What I'm trying to say is that since AttributeNamespace is a URI
>reference meant to qualify SAML attribute names, it feels an awful lot
>like an XML namespace to me, whether it ever shows up in an xmlns
>attribute or not. So maybe it really is a distinction not worth calling
>out, since it basically has the same kind of semantics to it.
>
> > AttributeNameQualifier isn't too bad, but ActionValueQualifier doesn't
> > work quite as well.  AttributeNameSet and ActionValueSet?
>
> From a consistency standpoint, it would just be ActionQualifier, which
>sounds a little better to me than ActionValueQualifier, but I don't have
>a strong opinion on it.
>
>After having a chance to work it through a little, I guess I'm less
>bothered by the name than I was last week. It may be that trying to make
>it clear that it's not processed as a namespace by the XML parser by
>changing the name to something unusual is just going to confuse people
>more.
>
>-- Scott

--
Eve Maler                                    +1 781 442 3190
Sun Microsystems XML Technology Center   eve.maler @ sun.com



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC