
security-services message


Subject: ACTION-ITEM: Addition of ID attributes to SAML 1.0 elements in SAML 1.1

We are considering an update to the SAML schema to include an ID attribute in SAML 1.1. I am sending this message to alert you to this possibility and to solicit your reactions.
Question: What is the impact of this change on existing SAML 1.0 implementations?
Answer: Loss of "forward-compatibility" in that a SAML 1.0 processor (server) cannot validate a SAML 1.1 document even if the SAML 1.1 document utilizes elements found only in SAML 1.0. Why? Because in SAML 1.1 elements drawn from SAML 1.0 may now carry an ID attribute and a validating parser will find this unacceptable.
So the real question is whether implementors are relying upon forward compatibility. And indeed, whether it is a real problem as opposed to a theoretical possibility.
Keep in mind that version numbers etc. will be appropriately updated so that the SAML 1.0 processor can always determine that it has been handed a SAML 1.1 document.
Prateek Mishra
p: 781-530-6564
c: 781-308-5198
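
An added illustration, not part of the original message or of any SAML implementation: a Python sketch of a SAML 1.0-only processor that reads the version attributes first, so a 1.1 assertion is turned away with a clear reason before strict validation trips over an attribute the 1.0 schema does not declare. The attribute name `ID`, the function `check_assertion` and the three sample documents are assumptions constructed for this example, and only the attribute set of `<Assertion>` is checked.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
# Attributes the SAML 1.0 schema declares on <Assertion>. A validating
# parser treats this set as closed, which is the compatibility problem.
SAML10_ASSERTION_ATTRS = {"MajorVersion", "MinorVersion", "AssertionID",
                          "Issuer", "IssueInstant"}

def check_assertion(xml_text):
    """Return (accepted, reason) as a SAML 1.0-only processor would."""
    # Sketch only: production code should parse untrusted XML with a
    # hardened parser and validate against the full schema.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % SAML_NS:
        return False, "not a SAML assertion"
    version = (root.get("MajorVersion"), root.get("MinorVersion"))
    if version != ("1", "0"):
        # Version gate: refuse what we cannot validate, and say why.
        return False, "unsupported version %s.%s" % version
    extra = set(root.attrib) - SAML10_ASSERTION_ATTRS
    if extra:
        # What a validating 1.0 parser reports for an undeclared attribute.
        return False, "schema-invalid attributes: " + ", ".join(sorted(extra))
    return True, "valid SAML 1.0 assertion"

def _sample(minor, extra_attr=""):
    # Constructed sample assertion, trimmed to the attributes under discussion.
    return ('<Assertion xmlns="%s" MajorVersion="1" MinorVersion="%s" '
            'AssertionID="a1" Issuer="idp.example.org" '
            'IssueInstant="2003-01-01T00:00:00Z"%s/>' % (SAML_NS, minor, extra_attr))

SAML10_DOC = _sample("0")
SAML11_DOC = _sample("1", ' ID="a1"')   # hypothetical new ID attribute
MISLABELED = _sample("0", ' ID="a1"')   # claims 1.0 but carries the new attribute

if __name__ == "__main__":
    for name in ("SAML10_DOC", "SAML11_DOC", "MISLABELED"):
        print(name, check_assertion(globals()[name]))
```
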
