OASIS Mailing List Archives

security-services message


Subject: RE: [security-services] XPath document/profile naming


> On the call you mentioned that the xpath attribute profile 
> should use a different naming convention.  Specifically that 
> it shouldn't be referencing version 2 of the saml 
> specifications.  I'm unsure if you were talking about the 
> file name or the profile name urn.

Mostly I meant the profile and/or XML namespaces, but the filename is
probably an issue at some point.

> Proposed names: 
> file:  "draft-saml-path-attribute-profile-[version]"   -- 
> follows pattern of saml 1.x metadata 
> profile: "urn:oasis:names:tc:SAML:profiles:attribute:XPath" 

I think that's the gist.

> This profile name change seems odd because this is a profile 
> on the SAML 2.0 specification - even if it isn't part of the 
> saml 2.0 specs.

Well, the rules in the spec that came out of the 1.1 mess are very explicit.
Version numbers appearing in these things MUST match the version of the
specification in which the thing being named is introduced.

As I noted several weeks back, this is a problem when dealing with things
whose introduction is not tied to a specification release. My conclusion
therefore was that they shouldn't have version numbers in them, but I did
say that I didn't really know what to do.

Ultimately, my reasoning is that people shouldn't be parsing out semantics
from these names. If you want to know what the profile is based on, read it.
Otherwise, it's just a string. If it doesn't match, this ain't that, so to
speak. To me, two non-equal XML namespaces have nothing to do with each
other. If somebody wants to capture the fact that one is a successor to
another, I think that should be captured out of band, or we're swimming
against what the XML specs allow us to be doing.

> Also, I thought you had other objections but I don't recall 
> what they were?   

Oh, I just noted a small error in the text where I believe it refers to the
NameID element when it actually means the Name XML attribute. I will do a
more thorough read by end of Friday. I had a question or two (not so much
objection), but I want to read it more closely before I try and ask
something.

-- Scott


