OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: [security-services] Changes for Core 26



Phill,

> The *server* may treat the URLs to be equivalent by mapping them to
> the same resource. However from the point of view of the URI spec
> they are distinct.
> 
> This was done because the lame UNIX file system is case sensitive.

That's the point. A PDP that knows about "/PRIVATE" (and even 
"/private" too!) is likely to give a bad answer when asked (by 
Joe Public:-) about "/Private" and when the actual resource 
is "really" case insensitive. Unless the PEP automagically
"knows" how the PDP has stored the URI then we've a problem.

Now I don't know how to fix this in general, and agree its probably 
too late to include some sort of heuristic semi-fix in saml 1.0 
(assuming we're sticking to 2396 for URI comparisons), but it 
is still a real issue.

Stephen.


-- 
____________________________________________________________
Stephen Farrell         				   
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,                     fax: +353 1 881 7000
Dublin 8.                mailto:stephen.farrell@baltimore.ie
Ireland                             http://www.baltimore.com


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC