OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Propose addition of a SubjectRef element

> Since assertions are the unit that gets shuttled around, we won't have 
> any problems with (say) caching of a statement that is missing its 
> relevant subject information, right?

We'd have exactly the same problem with a "default" subject. Since
Conditions is normative and is not part of the statement, I see no way to
carry a statement independently anyway.

>   I can't help feeling that it privileges the statements that get lucky 
> enough to actually contain the real subject info.  (It would be "cleaner"
> put the shared subject info at the assertion level, as we 
> do some other pieces of shared info, but then sometimes you'd still need 
> per-statement subject info, which wrecks the cleanliness in a bunch of 
> ways.)

As I said, I think that's far more complex to specify in the abstract.
Personally, I'd rather pull it out and eliminate the ambiguity of statements
with different subjects altogether, but I assumed we weren't prepared to
change that much.

> And are there any ill effects if you make a forward reference in 
> terms of document order?

We can check, but I certainly doubt it. I suppose it's an issue with some
forms of SAX processing, but if we start designing around streaming of
assertions, we're diving down a deep rathole. XML Signature is virtually
DOM-centric anyway.

I'll fully support either this or a complete refactoring of Subject out, but
I think optionally doing it is worse than either of those.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]