Just checked the schema files against the spec snippets...

["Philpott, Robert" <rphilpott@rsasecurity.com>]

I just created text files from all the code snippets and diff'ed them against the 1.1 schema files:

 

Assertion schema differences from the spec snippets:

1.    The only difference I encountered for the assertion schema was that the schema file contains the revision history documentation in the top-most annotation. The snippet contains an ellipsis in its place.  Personally, I think the revision history comments might be quite informative to the spec reader and we might want to consider including them.  It's only a few lines in each.  Just a thought.

 

Protocol schema differences from the spec snippets:

1.    Same comment re: the revision history applies. 

2.    In the snippet, the XML-DSig spec schemaLocation is just a filename.  In the schema, it is the full URL. For -assertion, the full URL is used in both the snippets and schema file. I think the spec snippet should be updated with the full URL.

3.    In the schema file, the document identifier in the annotation has "oasis-" prefixed.  The spec snippet does not.  The schema file is incorrect in this case and should be changed

4.    In the spec snippet for the AuthorizationDecisionQueryType definition, the ref="saml:Evidence" element has a maxOccurs attribute set to "1".  The 1.1 schema file does NOT have a maxOccurs element.  The V1.0 schema DOES have a maxOccurs element set to "1". I don't remember whether:

a.    This was intentionally removed from the schema file and the spec snippet did not get updated.  I don't understand why this would be done since it would default to "1" if not specified. Right?

b.    This was accidentally dropped from the schema file.

c.    Someone meant to change the attribute to "unbounded". I don't recall anything about this and I really don't think it should be done. Note that the child elements of Evidence permit specifying multiple Assertion or AssertionIDReference elements.

Since it will default to "1", it's not a major problem unless we were really doing "c".  If so, shouldn't we put it back in the schema file?

 

 

Rob Philpott

RSA Security Inc.

The Most Trusted Name in e-Security

Tel: 781-515-7115

Mobile: 617-510-0893

Fax: 781-515-7020

mailto:rphilpott@rsasecurity.com

 

 

> -----Original Message-----

> From: Eve L. Maler [mailto:eve.maler@sun.com]

> Sent: Thursday, May 01, 2003 8:24 AM

> To: Philpott, Robert

> Subject: Re: schema snippets in core

>

> There have been very few changes, and I've been doing them by hand.  I

> have no idea what tool he used...  If you want to take a look at this,

> focus on the IDType stuff and the headers.  Thanks!

>

>     Eve

>

> Philpott, Robert wrote:

> > Hi again - I think I recall in v1 that Phill used a tool to ensure that

> > the schema snippets in -core are consistent with the current actual .xsd

> > file.

> >

> >

> >

> > Have you been using this same tool or have you been cutting/pasting?

> >

> >

> >

> > Just curious - up to now, I haven't done any verification of the schema

> > against the snippets.  Should I try to find time to do that?

> >

> >

> >

> > Thanks,

> >

> > *Rob Philpott*

> > *RSA Security Inc.*

> > /The Most Trusted Name in e-Security/

> > *Tel: 781-515-7115*

> > *Mobile**: 617-510-0893*

> > *Fax: 781-515-7020*

> > mailto:rphilpott@rsasecurity.com

> >

> >

> >

>

> --

> Eve Maler                                        +1 781 442 3190

> Sun Microsystems                            cell +1 781 354 9441

> Web Technologies and Standards               eve.maler @ sun.com