[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [security-services] Comparison rules for SAML elements(ISSUE:[DS-14-11: CompareElements])
For ensuring that attribute values are compared apples-to-applies, it might
be useful to make a reference to the XML Information Set Recommendation's
definition of normalized attribute values:
http://www.w3.org/TR/xml-infoset/#infoitem.attribute
Hmm, I just noticed that the Infoset spec defines "normalized value" purely
by reference to the XML spec:
http://www.w3.org/TR/REC-xml#AVNormalize
However, using the Infoset terminology (info items and properties) is
becoming canonical, and that spec may help us solve other comparison issues
too, in a more substantive way.
Eve
At 12:02 PM 1/29/02 -0500, Irving Reid wrote:
> > From: Stephen Farrell [mailto:stephen.farrell@baltimore.ie]
> >
> > Don't you need some C14N style stuff about elements and attributes
> > too?
> >
> > Examples that might be relevant (not sure, but in acending order
> > of liklihood):
> >
> > - is absence the same as the presence of a default value?
>
>I don't think we define any default values in our schema.
>
> > - is <foo></foo> the same as <foo/>?
>
>By the definition of XML, yes.
>
> > - <Subject><fred/><bill/></Subject> =
> > <Subject><bill/><fred/></Subject>?
> > - if I have an authentication assertion about <fred> and an
> > attribute assertion about <Subject><fred/><bill/></Subject> does
> > that attribute apply to the subject of the authentication assertion?
> >
> > Now, maybe some of these things are well-defined in the current spec,
> > but if so, it wasn't clear to me I'm afraid.
>
>I'm still not entirely comfortable with the multiple-subject stuff either.
>The intent of the language in core-25, if I'm not mistaken, is to say that
>you can put more than one subject name in to your assertion, but it would be
>a bad idea to have those subject names refer to more than one real-world
>entity.
>
>Given that, your second example where the authn assertion names Fred and the
>attr assertion names Fred and Bill, the attribute would apply to Fred.
>
>This is more an issue of the semantics of multiple subjects, rather than a
>general rule for matching values.
>
> - irving -
>
>
>-----------------------------------------------------------------------------------------------------------------
>The information contained in this message is confidential and is intended
>for the addressee(s) only. If you have received this message in error or
>there are any problems please notify the originator immediately. The
>unauthorized use, disclosure, copying or alteration of this message is
>strictly forbidden. Baltimore Technologies plc will not be liable for direct,
>special, indirect or consequential damages arising from alteration of the
>contents of this message by a third party or as a result of any virus being
>passed on.
>
>
>This footnote confirms that this email message has been swept by
>Baltimore MIMEsweeper for Content Security threats, including
>computer viruses.
>
>----------------------------------------------------------------
>To subscribe or unsubscribe from this elist use the subscription
>manager: <http://lists.oasis-open.org/ob/adm.pl>
--
Eve Maler +1 781 442 3190
Sun Microsystems XML Technology Center eve.maler @ sun.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC