Subject: Re: [security-services] Comparison rules for SAML elements (ISSUE:[DS-14-11: CompareElements])

Irving,

Don't you need some C14N style stuff about elements and
attributes too? Examples that might be relevant (not sure,
but in ascending order of likelihood):

- is absence the same as the presence of a default value?
- is <foo></foo> the same as <foo/>?
- <Subject><fred/><bill/></Subject> = <Subject><bill/><fred/></Subject>?
- if I have an authentication assertion about <fred> and
  an attribute assertion about <Subject><fred/><bill/></Subject>
  does that attribute apply to the subject of the authentication
  assertion?

Now, maybe some of these things are well-defined in the
current spec, but if so, it wasn't clear to me I'm afraid.

Stephen.

Irving Reid wrote:
>
> Stephen Farrell pointed out in his message
> http://lists.oasis-open.org/archives/security-services/200201/msg00168.html
> that we don't have any text in the current draft describing how to compare
> values in SAML data structures.
>
> I suggest that we add a subsection near the end of Section 1. If there's a
> more "standards-language" way of referring to the W3C specifications, the
> editors can feel free to make the required changes.
>
> -----------------------------------------------------
> Comparing SAML values
>
> Unless otherwise noted, all elements in SAML documents that have the XML
> Schema "string" type, or a type derived from that, MUST be compared using an
> exact binary comparison. In particular, SAML implementations and deployments
> MUST NOT depend on case-insensitive string comparisons, normalization or
> trimming of white space, or conversion of locale-specific formats such as
> numbers or currency. This requirement is intended to conform to the W3C
> Requirements for String Identity, Matching, and String Indexing
> (http://www.w3.org/TR/WD-charreq).
>
> [I would put a section specifically calling out comparison of dateTime
> elements here, but we need to finish arguing about it first]
>
> If an implementation is comparing values that are represented using
> different character encodings, the implementation MUST use a comparison
> method that returns the same result as converting both values to the Unicode
> character encoding (http://www.unicode.org), Normalization Form C (as
> described in http://www.unicode.org/unicode/reports/tr15/tr15-21.html) and
> then performing an exact binary comparison. This requirement is intended to
> conform to the W3C Character Model for the World Wide Web
> (http://www.w3.org/TR/charmod/), and in particular the rules for
> Unicode-normalized Text
> (http://www.w3.org/TR/charmod/#sec-Unicode-normalized)
> ------------------------------------------------------
>
> - irving -

-- 
____________________________________________________________
Stephen Farrell
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,       fax: +353 1 881 7000
Dublin 8.                 mailto:stephen.farrell@baltimore.ie
Ireland                   http://www.baltimore.com
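
The comparison rule in the quoted proposal, sketched as an added example that is not part of the original message or of the SAML draft. Function names and sample values are constructed, and reading "exact binary comparison" as byte equality when both values share an encoding is an assumption.

```python
import codecs
import unicodedata


def saml_string_equal(a: bytes, a_enc: str, b: bytes, b_enc: str) -> bool:
    """Compare two string-typed values under the proposed rule (hypothetical helper)."""
    # Same encoding: exact binary comparison, with no folding, trimming or normalization.
    if codecs.lookup(a_enc).name == codecs.lookup(b_enc).name:
        return a == b
    # Different encodings: the result must match "convert both to Unicode,
    # Normalization Form C, then compare exactly". Undecodable input raises.
    ua = unicodedata.normalize("NFC", a.decode(a_enc, errors="strict"))
    ub = unicodedata.normalize("NFC", b.decode(b_enc, errors="strict"))
    return ua == ub


def lenient_equal(a: str, b: str) -> bool:
    """The kind of comparison the proposal forbids: case folding plus trimming."""
    return a.strip().casefold() == b.strip().casefold()


# Constructed sample values: the same name precomposed and decomposed.
LATIN1_PRECOMPOSED = b"Jos\xe9"                      # ISO-8859-1, U+00E9
UTF8_PRECOMPOSED = "Jos\u00e9".encode("utf-8")       # UTF-8, U+00E9
UTF8_DECOMPOSED = "Jose\u0301".encode("utf-8")       # UTF-8, e + U+0301


def demo() -> dict:
    return {
        # Different encodings, so NFC is applied before comparing: equal.
        "cross_encoding": saml_string_equal(
            LATIN1_PRECOMPOSED, "latin-1", UTF8_DECOMPOSED, "utf-8"),
        # Same encoding, different bytes: not equal under exact comparison.
        "same_encoding": saml_string_equal(
            UTF8_PRECOMPOSED, "UTF8", UTF8_DECOMPOSED, "utf-8"),
        # Case and trailing white space are significant.
        "case": saml_string_equal(b"Fred", "ascii", b"fred", "ascii"),
        "space": saml_string_equal(b"fred ", "latin-1", b"fred", "utf-8"),
        # A lenient comparison would treat two distinct values as one subject.
        "lenient": lenient_equal("Fred ", "fred"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
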