OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [security-services] RE: Comments on XML signature guidelines draft


is the addition of an "ID" attribute to SAML 1.1 worth considering?

From my limited understanding of the situation, it appears that some kind of
standard "hook" is needed to point to pieces of XML. As XPath is a tree
pattern-matching language, unsurprisingly it often exhibits 
exponential behavior. The "ID" approach is not great but gives the required

- prateek

>>> I think this is worth considering, particularly since it 
>>> still avoids the use of the original slow XPath transform. It 
>>> seems like we have to either avoid optional pieces of the 
>>> spec and use the original XPath transform, or pick which 
>>> optional piece to use, an XPointer Reference or an XPath2 Transform.
>>Correction: I see now that even the original XPath transform is not a
>>MUST. So it would seem (unless I'm missing something) that without #id
>>support in SAML, there is no way to implement the necessary 
>>transform or
>>reference *at all* without using some optional piece of the
>>specification, be it XPath, XPath2, or XPointer references.
>>> If we can get a sense of the implementations around and 
>>> whether XPointer support is common, that might help decide 
>>> the question.
>>For further reference in answering this question:
>>-- Scott
>>To subscribe or unsubscribe from this elist use the subscription
>>manager: <http://lists.oasis-open.org/ob/adm.pl>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC