[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Just checked the schema files against thespec snippets...
Philpott, Robert wrote: > I just created text files from all the code snippets and diff'ed them > against the 1.1 schema files: > > > > Assertion schema differences from the spec snippets: > > 1. The only difference I encountered for the assertion schema was > that the schema file contains the revision history documentation in the > top-most annotation. The snippet contains an ellipsis in its place. > Personally, I think the revision history comments might be quite > informative to the spec reader and we might want to consider including > them. It's only a few lines in each. Just a thought. Good idea. Done. > Protocol schema differences from the spec snippets: > > 1. Same comment re: the revision history applies. Done. > 2. In the snippet, the XML-DSig spec schemaLocation is just a > filename. In the schema, it is the full URL. For -assertion, the full > URL is used in both the snippets and schema file. I think the spec > snippet should be updated with the full URL. Fixed. > 3. In the schema file, the document identifier in the annotation has > "oasis-" prefixed. The spec snippet does not. The schema file is > incorrect in this case and should be changed Done. (I just kept the draft-01 number; s'okay?) > 4. In the spec snippet for the AuthorizationDecisionQueryType > definition, the ref="saml:Evidence" element has a maxOccurs attribute > set to "1". The 1.1 schema file does NOT have a maxOccurs element. The > V1.0 schema DOES have a maxOccurs element set to "1". I don't remember > whether: > > a. This was intentionally removed from the schema file and the spec > snippet did not get updated. I don't understand why this would be done > since it would default to "1" if not specified. Right? > > b. This was accidentally dropped from the schema file. > > c. Someone meant to change the attribute to "unbounded". I don't > recall anything about this and I really don't think it should be done. > Note that the child elements of Evidence permit specifying multiple > Assertion or AssertionIDReference elements. > > Since it will default to "1", it's not a major problem unless we were > really doing "c". If so, shouldn't we put it back in the schema file? I changed the snippet as the path of least resistance; at some point, we rationalized this to remove the maxOccurs="1"s, and I probably noticed this one in the schema and fixed without fixing the corresponding snippet. Eve -- Eve Maler +1 781 442 3190 Sun Microsystems cell +1 781 354 9441 Web Technologies and Standards eve.maler @ sun.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]