[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Text for response in SAML FAQ
> but there's no way to slip > another ID attribute (wsu:Id or otherwise) into a SAML object. It would be > invalid XML. Hm. It's a subtle question, really. The only-one-ID validity constraint seems to be a constraint on the DTD, not the document. At least, that's how I read the text at http://www.w3.org/TR/2004/REC-xml-20040204/#one-id-per-el Now, if you have a validating parser and a DTD, then DTD constraints get mapped into document constraints. But SAML doesn't define a DTD, and since DTD's are namespace-ignorant, it's not clear to me that you could ever write a SAML DTD, certainly not one that's normative. So perhaps the *real* question is, can you have valid XML without a DTD? If you look at the definition at the end of section 2.8, the answer is no. That's disappointing, but I don't see any other way around it. It means anything that uses namespaces can't be valid XML, just well-formed. Time to go ask the W3C TAG, I guess. Unless someone here can find a hole in my logic. /r$ -- Rich Salz Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]