RE: [saml-dev] RE: [security-services] RE: [saml-dev] ACTION-ITEM:Addition of ID attributes to SAML 1.0 elements in SAML 1.1

[Scott Cantor <cantor.2@osu.edu>]

> I certainly agree with Scott's statement. I was merely 
> observing that a significant number of implementations do not 
> use schema validation.

That's undeniably true.

There's actually an interesting debate that kind of parallels this, on the xml-dist-app list over how one could implement a
streaming SOAP node, since if you start sending a valid response before you get to the end of the request, you may find that the
SOAP XML envelope wasn't well-formed, and now you're stuck, unable to send the proper fault.

So even non-validating parsing can introduce issues when you try and marry XML to the principle of being liberal in what you accept.
There's only so far you can take it before you have to simply deal with the fact that XML implies a strictness that the older
text-based protocols don't.

-- Scott