Subject: (ex / non ex) canonical XML

All,

Forces beyond my control have taken me on a little trip back in time to look at SAML 1.0 (I didn’t get involved in this space until after SAML 1.1 was out so this has been an interesting learning experience for me). I see that one of the major differences between dot zero and dot one is changing the recommended c14n method from canonical XML (http://www.w3.org/TR/2001/REC-xml-c14n-20010315) to exclusive canonical XML (http://www.w3.org/2001/10/xml-exc-c14n#). I can see why this change was made and, although I’ve not yet had the pleasure, I can imagine that there were some interoperability problems when trying to use the non-exclusive transform.

My question is - how did SAML 1.0 implementations deal with this? Were they only able to interoperate when signatures were applied to the response in the post profile? What is the value of a signed assertion if the signature cannot be verified independent of its original document context (I guess there isn’t one and that’s why 1.1 made the change but did implementations try to work around it somehow)? Did implementers end up just using exclusive in spite of the spec recommendation?

I would appreciate any historical perspective that can be provided by those of you that have been involved with stuff longer than I.

Thanks,
Brian

By the way, the sstc-saml-diff-1.1-draft-01 document has proven to be a very informative resource - I’d like to say thanks to Prateek, Dipak, Jahan and Robert.
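
Added example, not part of the original message: a minimal Python sketch of the document-context dependence the question refers to, comparing the digest input for an assertion inside a Response with the same assertion stored on its own. The sample documents are constructed, the helper names (in_scope, c14n, canon, digest) are hypothetical, and the canonicalizer is a simplification that assumes prefixed names only, with no default namespace, character escaping or comments.

```python
import hashlib
from xml.dom import minidom
# Constructed sample: a SAML 1.x style assertion carried inside a Response.
RESPONSE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"'
    ' xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"'
    ' xmlns:xsd="http://www.w3.org/2001/XMLSchema">'
    '<saml:Assertion AssertionID="a1" Issuer="idp.example">'
    '<saml:AuthenticationStatement/></saml:Assertion></samlp:Response>')
# Constructed sample: the same assertion after it is extracted and kept alone.
STANDALONE = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"'
    ' AssertionID="a1" Issuer="idp.example">'
    '<saml:AuthenticationStatement/></saml:Assertion>')

def in_scope(el):
    """Map prefix -> URI for namespaces in scope at el (nearest declaration wins)."""
    ns = {}
    while el is not None and el.nodeType == el.ELEMENT_NODE:
        for a in el.attributes.values():
            if a.name.startswith("xmlns:"):
                ns.setdefault(a.name[6:], a.value)
        el = el.parentNode
    return ns

def c14n(el, exclusive, rendered=None):
    """Simplified c14n of a subtree: prefixed names only, no escaping or comments."""
    rendered = dict(rendered or {})
    scope = in_scope(el)
    attrs = [a for a in el.attributes.values() if not a.name.startswith("xmlns")]
    used = {n.split(":")[0] for n in [el.tagName] + [a.name for a in attrs] if ":" in n}
    out = "<" + el.tagName
    for p in sorted(scope):
        # Inclusive: every in-scope namespace. Exclusive: only visibly utilized ones.
        if (not exclusive or p in used) and rendered.get(p) != scope[p]:
            out += ' xmlns:%s="%s"' % (p, scope[p])
            rendered[p] = scope[p]
    for a in sorted(attrs, key=lambda a: (a.namespaceURI or "", a.localName)):
        out += ' %s="%s"' % (a.name, a.value)
    out += ">"
    for c in el.childNodes:
        out += c14n(c, exclusive, rendered) if c.nodeType == c.ELEMENT_NODE else c.data
    return out + "</" + el.tagName + ">"

def canon(xml, exclusive):
    el = minidom.parseString(xml).getElementsByTagName("saml:Assertion")[0]
    return c14n(el, exclusive)
def digest(xml, exclusive):
    return hashlib.sha256(canon(xml, exclusive).encode()).hexdigest()
```

With the inclusive transform the Response's samlp and xsd declarations are pulled into the assertion's canonical form, so digest(RESPONSE, False) and digest(STANDALONE, False) differ; with the exclusive transform the two digests are equal.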