Re: [security-services] Just checked the schema files against thespec snippets...

["Eve L. Maler" <eve.maler@sun.com>]

Philpott, Robert wrote:
> I just created text files from all the code snippets and diff'ed them 
> against the 1.1 schema files:
> 
>  
> 
> Assertion schema differences from the spec snippets:
> 
> 1.    The only difference I encountered for the assertion schema was 
> that the schema file contains the revision history documentation in the 
> top-most annotation. The snippet contains an ellipsis in its place.  
> Personally, I think the revision history comments might be quite 
> informative to the spec reader and we might want to consider including 
> them.  It's only a few lines in each.  Just a thought.

Good idea.  Done.

> Protocol schema differences from the spec snippets:
> 
> 1.    Same comment re: the revision history applies. 

Done.

> 2.    In the snippet, the XML-DSig spec schemaLocation is just a 
> filename.  In the schema, it is the full URL. For -assertion, the full 
> URL is used in both the snippets and schema file. I think the spec 
> snippet should be updated with the full URL.

Fixed.

> 3.    In the schema file, the document identifier in the annotation has 
> "oasis-" prefixed.  The spec snippet does not.  The schema file is 
> incorrect in this case and should be changed

Done.  (I just kept the draft-01 number; s'okay?)

> 4.    In the spec snippet for the AuthorizationDecisionQueryType 
> definition, the ref="saml:Evidence" element has a maxOccurs attribute 
> set to "1".  The 1.1 schema file does NOT have a maxOccurs element.  The 
> V1.0 schema DOES have a maxOccurs element set to "1". I don't remember 
> whether:
> 
> a.    This was intentionally removed from the schema file and the spec 
> snippet did not get updated.  I don't understand why this would be done 
> since it would default to "1" if not specified. Right?
> 
> b.    This was accidentally dropped from the schema file.
> 
> c.    Someone meant to change the attribute to "unbounded". I don't 
> recall anything about this and I really don't think it should be done. 
> Note that the child elements of Evidence permit specifying multiple 
> Assertion or AssertionIDReference elements.
> 
> Since it will default to "1", it's not a major problem unless we were 
> really doing "c".  If so, shouldn't we put it back in the schema file?

I changed the snippet as the path of least resistance; at some point, we 
rationalized this to remove the maxOccurs="1"s, and I probably noticed 
this one in the schema and fixed without fixing the corresponding snippet.

	Eve
-- 
Eve Maler                                        +1 781 442 3190
Sun Microsystems                            cell +1 781 354 9441
Web Technologies and Standards               eve.maler @ sun.com