Subject: Last call issues with schema
I've been communicating with Eve regarding a couple of outstanding issues with the proposed 1.1 schemas, discovered during my implementation testing of signed messages based on the new spec. Mostly things are looking good, but I discovered two problems with our attribute/type definitions, one a definite XML bug, the other technically correct but wrongly implemented by at least one popular parser.

The definite change is that we currently propose that the saml:IDReferenceType be an IDREF, and this is not legal in XML because an IDREF has to be referencing an ID value that appears in the document. Our use of IDReferenceType is for attributes like InResponseTo that reference ID values in a *different* message. We need to change the type to xsd:NCName which has the same syntax as IDREF but doesn't have any other requirements.

The other issue is due to the fact that our new ID attributes are not directly given the xsd:ID type, but are given the saml:IDType type, which is in turn an xsd:ID. This seems to be legal, but is not supported by one validating parser that I know of, Xerces-C (as of 2.2). They plan to fix this at some point. Xerces-J does support this now. I don't know how many other parsers might exhibit the bug.

We could consider removing the saml:IDType type, and just directly define AssertionID/etc. as xsd:ID, in the interest of making life easy for implementers. I'm not sure we lose anything important doing that, since the only real reason to define a new type is to change the allowable values, and we don't do that. If we did want to do that, and I'm not sure why we would, we could do it in 2.0.

-- Scott
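The IDREF constraint described in the message above, as an added example that is not part of the original e-mail or of any SAML implementation: a hand-written check of the rule that an IDREF must match an ID in the same document, run against a response whose InResponseTo points at a request in a different message. The attribute names RequestID and ResponseID, the ID values, the namespace-free sample XML, and the ASCII-only NCName pattern are assumptions made for the illustration.

```python
import re
import xml.etree.ElementTree as ET

# Simplified, ASCII-only NCName syntax (assumption: real NCName allows more Unicode).
NCNAME = re.compile(r"^[A-Za-z_][A-Za-z0-9._-]*$")

ID_ATTRS = ("RequestID", "ResponseID", "AssertionID")  # treated as xsd:ID
REF_ATTRS = ("InResponseTo",)                          # typed per ref_type below

# Constructed sample messages; the ID values are made up.
REQUEST = '<Request RequestID="_req-0001"/>'
RESPONSE = '<Response ResponseID="_resp-0002" InResponseTo="_req-0001"/>'


def check_refs(doc, ref_type):
    """Return validity errors for one document.

    ref_type is "IDREF" (value must match an ID in this same document)
    or "NCName" (same lexical syntax, no cross-reference requirement).
    """
    root = ET.fromstring(doc)
    errors = []

    # Pass 1: collect every ID-typed value declared in this document.
    ids = set()
    for el in root.iter():
        for name in ID_ATTRS:
            value = el.get(name)
            if value is None:
                continue
            if not NCNAME.match(value):
                errors.append(f"{name}={value!r} is not a valid ID")
            elif value in ids:
                errors.append(f"{name}={value!r} duplicates an ID")
            ids.add(value)

    # Pass 2: check each reference attribute against the declared type.
    for el in root.iter():
        for name in REF_ATTRS:
            value = el.get(name)
            if value is None:
                continue
            if not NCNAME.match(value):
                errors.append(f"{name}={value!r} is not an NCName")
            elif ref_type == "IDREF" and value not in ids:
                errors.append(f"{name}={value!r} matches no ID in this document")
    return errors
```

Typed as IDREF, the stand-alone response is invalid because the request's ID is not in the same document; typed as NCName, the same response passes.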