
saml-dev message


Subject: RE: [saml-dev] Constrain existing ID attributes?

> I'm not (yet) very comfortable with this change.  

I've never been 100% comfortable with the ID change in general, but I'm going through so much pain over signatures that I've been
swallowing my objections.

> This is the mechanism we employ in our implementation; using 
> a cryptographic-strength 160-bit PRN that's Base64 encoded.  
> So clearly, the Base64 encoding will cause us problems and 
> thus our IDType generation code would have to be changed.  
> Sure, we could hack it by prepending a valid xsd:ID starting 
> character(s) (e.g. "_", "ID"), but that seems a bit hackish.

Yeah, prefixing is pretty much what I was going to do (my non-heavyweight ID generation notwithstanding).

> Is the proposal to completely remove the IDType and 
> IDReferenceType simple types?  If so, that's a bit more 
> invasive change to the specs and schema. 
> Or can it/will it be done by redefining these simple types?

I'd have to assume we'd change those simple types. Do any other pieces reference those types that don't refer to one of the three ID
attributes already?

> We also need to consider that this change will possibly 
> impact some Liberty implementations.  All of those 
> implementers are probably not covered by checking with the 
> saml-dev list?

We already affect them. If we add new ID attributes, then we collide with the Liberty schema that extends saml:Assertion and the
others with an unqualified ID attribute. Unless we namespace-qualified ours (which we could do), we'd collide with theirs.

I actually brought that up to the Liberty TEG and asked if timing-wise, they wanted to base 1.2 on SAML 1.1 to avoid the confusion,
but either way it's confusing.

-- Scott
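
An added example, not part of the original message or of any implementation mentioned in it: xsd:ID values must be NCNames, so the sketch below checks candidate identifiers against the ASCII subset of that production and compares a Base64-encoded 160-bit value with a "_"-prefixed hex encoding of the same bytes. All function names and the sample bytes are constructed for illustration.

```python
import base64
import re
import secrets

# ASCII subset of the XML NCName production required by xsd:ID:
# first character is a letter or "_"; the rest are letters, digits, ".", "-", "_".
# (Full NCName also admits non-ASCII letters, which generated IDs do not need.)
_NCNAME_ASCII = re.compile(r"[A-Za-z_][A-Za-z0-9._-]*\Z")


def is_valid_xsd_id(value: str) -> bool:
    return bool(_NCNAME_ASCII.match(value))


def violations(value: str) -> list:
    """List the reasons a candidate string is not usable as an xsd:ID."""
    if not value:
        return ["empty"]
    problems = []
    if not re.match(r"[A-Za-z_]", value[0]):
        problems.append(f"bad start char {value[0]!r}")
    bad = sorted(set(re.findall(r"[^A-Za-z0-9._-]", value)))
    if bad:
        problems.append("illegal chars " + "".join(bad))
    return problems


def base64_id(raw: bytes) -> str:
    # Standard Base64: 20 bytes always encode to 28 characters ending in "=".
    return base64.b64encode(raw).decode("ascii")


def prefixed_hex_id(raw: bytes) -> str:
    # Hex digits are all NCName characters; "_" covers a leading digit.
    return "_" + raw.hex()


def new_id() -> str:
    # 160 bits from the OS CSPRNG, same strength as the scheme in the thread.
    return prefixed_hex_id(secrets.token_bytes(20))


if __name__ == "__main__":
    sample = bytes.fromhex("fb" * 20)  # constructed sample, not real data
    for candidate in (base64_id(sample), "_" + base64_id(sample),
                      prefixed_hex_id(sample), new_id()):
        print(candidate, is_valid_xsd_id(candidate), violations(candidate))
```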
