[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [security-services] Status of and recommendation on SAML version info
Currently we have an in-band mechanism for identifying the version of a chunk of SAML information (the MajorVersion and MinorVersion attributes on several elements). We agreed on this at the Waltham F2F. We were a little bit fuzzier about what we should do with our namespace URI. Currently, our placeholder namespace URIs are just the schema filename, with internal version information (e.g., "-25") in it. I had been advocating that the namespace URI (a) not be a "real" web resource/filename, and (b) not contain version information. However, common practice has overtaken me on both counts: - Regarding real filenames: Schema tools are happiest when they can use the namespace name as the filename for accessing the schema. This isn't supposed to be required behavior, but it might as well be given the state of the tools. - Regarding versioning in namespace names: In some forums (for example, the UBL TC), it's considered a reasonable option to have version information easily accessible both to processors that handle the message and to the software that maps the namespace URI to validation and handling software. This would mean including version information in both the *Version attributes and the namespace URI. Thus, using these two rationales, I propose that we use something like the following as namespace URIs for our two namespaces: http://www.oasis-open.org/committees/security/saml/1.0/saml-assertion.xsd http://www.oasis-open.org/committees/security/saml/1.0/saml-protocol.xsd (Tools should generally use caching and/or catalogs as a means of not having to retrieve the schema files every time they're referenced.) Eve -- Eve Maler +1 781 442 3190 Sun Microsystems XML Technology Center eve.maler @ sun.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC