OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Addition of more wildcarding

> Making ID optional in the schema could allow for using other 
> xsd:ID based identifiers, like wsu:ID.  We could "STRONGLY 
> RECOMMEND" the use of the SAML-defined IDs in prose, but 
> allow these others.

We thought about that a couple of weeks ago, but as Greg and others noted,
it would be horrible to need to know up front that wsu:Id was needed. An
authority shouldn't have to know its assertions will be used in a particular
way. That's the basic problem with wsu:Id, but xml:id doesn't have that

OTOH, making ID optional would *enable* cases that did know up front to work
better with WSS if the 2.0 STP allowed for that case.

But again, my concern is the interoperability of 2.0. I think we risk a lot
by not mandating use of our ID with 2.0 (even if it's optional in the
schema) unless we're very explicit about people having to support the

Put another way, validation of SAML 2.0 in general would basically require
me to embed support for the wsu schema in case somebody used it. At which
point why don't we just give in and replace our ID with theirs? And that's
such a crazy requirement...

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]