[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] RE: [saml-dev] ACTION-ITEM: Addition of ID attributes to SAML 1.0 elements in SAML 1.1
Definitely gotta' agree with Scott on this one. Seems a bit risky to me to permit schema-invalid documents to be processed by a security system... Rob Philpott RSA Security Inc. The Most Trusted Name in e-Security Tel: 781-515-7115 Mobile: 617-510-0893 Fax: 781-515-7020 mailto:rphilpott@rsasecurity.com > -----Original Message----- > From: Scott Cantor [mailto:cantor.2@osu.edu] > Sent: Monday, March 31, 2003 7:37 PM > To: jmoreh@sigaba.com; saml-dev@lists.oasis-open.org; security- > services@lists.oasis-open.org > Subject: RE: [security-services] RE: [saml-dev] ACTION-ITEM: Addition of > ID attributes to SAML 1.0 elements in SAML 1.1 > > > Lastly, based on a very informal statistics (i.e., my own experience) > not > > too many people actually turn on schema validation. > > This turns out to be a fairly contentious issue. My polling runs about 50- > 50, with people on both sides very surprised that their > position isn't considered "obvious common sense". > > FWIW, I validate, and don't find XML to be of much value in implementing > something like SAML if I don't. > > But that's why the idea of changing a published schema w/o changing the > namespace causes so much debate. > > -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]