OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [security-services] new text for conformance related to unboundedelements

Title: new text for conformance related to unbounded elements

hi -

i've attached a proposed revision to the text related to the issue of nested unbounded elements. It looked to me like there were three ways to address this issue:

- Ignore it (which is what i did in the previous spec), with the potential that in the case of deepest nesting  (which i think is the one Irving points up in his mail: Response > Assertion > Statement > Attribute > AttributeValue) you end up with potentially millions of elements in a response.

- Stipulate graduated limits for potentially nested elements, such that no tree of nested elements has to exceed whatever limit we suggest as required for conformance

- Allow an application or implementation to restrict a request, response or assertion (in the Post profile) to contain no more than whatever limit we suggest as required for conformance, but all individual unbounded elements must support the same minimum.

The last is what i've written up in the attached "unbounded_new.doc" and will include in the revised conformance spec that i'll send out this weekend. But suggestions are very welcome!

bob

<<unbounded_new.doc>>

-----Original Message-----
From: Irving Reid [mailto:Irving.Reid@baltimore.com]
Sent: Thursday, January 31, 2002 10:52 AM
To: 'Robert Griffin'; oasis sstc
Cc: 'CHARLES.J.NORWOOD@saic.com'; 'sai.allavarpu@sun.com';
'lynne.rosenthal@nist.gov'; 'mark.skall@nist.gov'
Subject: RE: [security-services] revised conformance spec

In cases where we have nested unbounded elements, are we talking about 1000
total, or 1000 for each nested element? The multipliers could get large -
1000 attribute values in each of 1000 attributes in each of 1000 statements
in each of 1000 assertions in a samlp:Response...

I can't think of good wording of the top of my head, but I'd like to see
something like:

In cases where repeated elements are nested within other repeated elements,
implementations must be capable of processing documents where the total
number of elements within the entire document does not exceed the minimum.

 - irving -


unbounded_new.doc

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC