[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Schema corrections in SAML token profile 1.1 draft-01
Reviewing the public review Draft 01, 28 June 2005, there are some small errors in the usage of the KeyInfoConfirmationDataType introduced in SAML 2.0. Some of this is just editorial, but the XML usage itself is also incorrect and would not validate against the SAML 2.0 assertion schema. There's nothing really normative here for the profile itself, I'm just correcting the examples so nobody is doing the wrong thing on the wire. Lines 234-236 discuss the new mechanism for including a key-based confirmation, I suggest rewording as follows: "In the case of a key dependent confirmation method, a complex schema type, saml2:KeyInfoConfirmationDataType, that includes 1 or more <ds:KeyInfo> elements, can be specified as the xsi:type of the <saml2:SubjectConfirmationData> element." The original wording seems to show the data type as an element name (inside <> symbols) which isn't correct. It's merely a type, not an element. In the example at line 254, it needs to be corrected to: <SubjectConfirmationData xsi:type="saml2:KeyInfoConfirmationDataType">"> ... </SubjectConfirmationData> The "xsi" prefix may need to be bound in the examples if you want to be strictly correct. Again, there is no actual <saml2:KeyInfoConfirmationData> element defined in SAML 2.0 because we blocked the use of substitution groups in various places to more precisely establish the exact element names that would appear in extension points. This same correction applies to examples at lines 813 and 1022. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]