OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] schema validation vs. performance

> I saw the recent saml-dev thread regarding pros & cons of 
> SAML schema validation, but I'm not sure what the conclusions 
> were (if any).  Can someone please summarize?

I don't think there are any. Some people like it, some people don't. I've come to think I should have supported non-validation (I'm
an XML novice), but I frankly see no value in doing validation if the code is written to support non-validation. So I'd probably
just stop doing it. Which I guess is a conclusion of sorts.

> With the SAML product we're using, we see tremendous 
> performance degradation when we turn on schema validation.  
> (Ditto for digital signing.)  Need to defend its value to 
> justify the impact.

For me, it's an insignificant consideration because my loads are lighter than yours (I'm guessing), and the signature processing has
got to totally blow away the validation in the equation. If not, somebody should fix XML Schema!

Obviously, dsig isn't something you just stop. Either you need it or you don't. If your implementation is slow for some reason, then
crypto hardware might help, I assume.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]