OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Last call issues with schema

I've been communicating with Eve regarding a couple of outstanding issues with the proposed 1.1 schemas, discovered during my
implementation testing of signed messages based on the new spec.

Mostly things are looking good, but I discovered two problems with our attribute/type definitions, one a definite XML bug, the other
technically correct but wrongly implemented by at least one popular parser.

The definite change is that we currently propose that the saml:IDReferenceType be an IDREF, and this is not legal in XML because an
IDREF has to be referencing an ID value that appears in the document. Our use of IDReferenceType is for attributes like InResponseTo
that reference ID values in a *different* message. We need to change the type to xsd:NCName which has the same syntax as IDREF but
doesn't have any other requirements.

The other issue is due to the fact that our new ID attributes are not directly given the xsd:ID type, but are given the saml:IDType
type, which is in turn an xsd:ID. This seems to be legal, but is not supported by one validating parser that I know of, Xerces-C (as
of 2.2). They plan to fix this at some point. Xerces-J does support this now. I don't know how many other parsers might exhibit the

We could consider removing the saml:IDType type, and just directly define AssertionID/etc. as xsd:ID, in the interest of making life
easy for implementers. I'm not sure we lose anything important doing that, since the only real reason to define a new type is to
change the allowable values, and we don't do that. If we did want to do that, and I'm not sure why we would, we could do it in 2.0.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]