OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: [security-services] Recommendation: SAML elements shouldbefullyqualified

At 02:41 PM 11/2/01 -0500, Rich Salz wrote:
>I was objecting to this comment from email by Prateek
> > I guess another way of putting this is a recommendation
> >to avoid use of SAML elements while making some assumption
> >about the default namespace.
>*Of course* SAML is defining elements (and attributes) in the SAML
>namespace. If the document says more than that, I believe it runs the
>risk of confusing people.  It's like saying "element names must be
>prefixed with less-than"

I can see your point, but namespaces are not exactly a transparent subject, 
and a lot of people mix up prefixing and qualifying.  In fact, it's more 
common to assume that <saml:foo> is the hardwired element name than it is 
to realize that the "saml:" part is variable and optional.  And it is 
indeed a conformance issue -- if you try to test your "SAML" message and 
it's not in the SAML namespace, we would want it to fail.  As opposed to 
ill-formed "XML" documents (which aren't XML at all), unqualified elements 
are legitimate according to the XML Namespaces spec.

That said, I'm not passionately in favor of including this information; I 
just thought it was already agreed on by the group.

Eve Maler                                    +1 781 442 3190
Sun Microsystems XML Technology Center   eve.maler @ sun.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC