[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [security-services] Recommendation: SAML elements shouldbefullyqualified
At 02:41 PM 11/2/01 -0500, Rich Salz wrote: >I was objecting to this comment from email by Prateek > > I guess another way of putting this is a recommendation > >to avoid use of SAML elements while making some assumption > >about the default namespace. > >*Of course* SAML is defining elements (and attributes) in the SAML >namespace. If the document says more than that, I believe it runs the >risk of confusing people. It's like saying "element names must be >prefixed with less-than" I can see your point, but namespaces are not exactly a transparent subject, and a lot of people mix up prefixing and qualifying. In fact, it's more common to assume that <saml:foo> is the hardwired element name than it is to realize that the "saml:" part is variable and optional. And it is indeed a conformance issue -- if you try to test your "SAML" message and it's not in the SAML namespace, we would want it to fail. As opposed to ill-formed "XML" documents (which aren't XML at all), unqualified elements are legitimate according to the XML Namespaces spec. That said, I'm not passionately in favor of including this information; I just thought it was already agreed on by the group. Eve -- Eve Maler +1 781 442 3190 Sun Microsystems XML Technology Center eve.maler @ sun.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC