
security-services message

Subject: Re: [security-services] Addition of more wildcarding

After seeing the back-and-forth, I agree with Scott.  Even if we made it 
OPTIONAL/RECOMMENDED and in practice required it for doing correlation 
and such, we'd confuse the heck out of everybody and everything by 
allowing other globally scoped ID attributes.  (And he's right about 
xml:* being disallowed until XML officially recognizes it and parsers 
are updated.)

Hmm, maybe we shouldn't add these wildcards after all...  We did say 
that we need a use case for them.


Scott Cantor wrote:

>>Making ID optional in the schema could allow for using other 
>>xsd:ID based identifiers, like wsu:ID.  We could "STRONGLY 
>>RECOMMEND" the use of the SAML-defined IDs in prose, but 
>>allow these others.
>
> We thought about that a couple of weeks ago, but as Greg and others noted,
> it would be horrible to need to know up front that wsu:Id was needed. An
> authority shouldn't have to know its assertions will be used in a particular
> way. That's the basic problem with wsu:Id, but xml:id doesn't have that
> problem.
>
> OTOH, making ID optional would *enable* cases that did know up front to work
> better with WSS if the 2.0 STP allowed for that case.
>
> But again, my concern is the interoperability of 2.0. I think we risk a lot
> by not mandating use of our ID with 2.0 (even if it's optional in the
> schema) unless we're very explicit about people having to support the
> alternatives.
>
> Put another way, validation of SAML 2.0 in general would basically require
> me to embed support for the wsu schema in case somebody used it. At which
> point why don't we just give in and replace our ID with theirs? And that's
> such a crazy requirement...
>
> -- Scott

Eve Maler                                        +1 781 442 3190
Sun Microsystems                            cell +1 781 354 9441
Web Products, Technologies, and Standards    eve.maler @ sun.com
