
security-services message


Subject: RE: [security-services] Text for response in SAML FAQ


>  but there's no way to slip
> another ID attribute (wsu:Id or otherwise) into a SAML object. It would be
> invalid XML.

Hm.  It's a subtle question, really.  The only-one-ID validity constraint
seems to be a constraint on the DTD, not the document.  At least, that's
how I read the text at
        http://www.w3.org/TR/2004/REC-xml-20040204/#one-id-per-el
Now, if you have a validating parser and a DTD, then DTD constraints
get mapped into document constraints.

But SAML doesn't define a DTD, and since DTDs are namespace-ignorant,
it's not clear to me that you could ever write a SAML DTD, certainly
not one that's normative.

So perhaps the *real* question is, can you have valid XML without a DTD?
If you look at the definition at the end of section 2.8, the answer is no.

That's disappointing, but I don't see any other way around it.
It means anything that uses namespaces can't be valid XML, just
well-formed.  Time to go ask the W3C TAG, I guess.  Unless someone here
can find a hole in my logic.

        /r$

-- 
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
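
An added illustration of the distinction drawn in the message above (not part of the original post and not code from the SAML TC): a non-validating parser accepts an element carrying both a SAML `ID` and a `wsu:Id`, while repeating one attribute name fails well-formedness, so a consumer that wants a one-ID rule has to enforce it itself. The set of ID-typed attribute names and the sample documents are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET
from collections import Counter

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
XML = "http://www.w3.org/XML/1998/namespace"

# Assumption: the attribute names this consumer treats as ID-typed. With no DTD
# the parser cannot know which attributes are IDs, so the list lives here.
ID_ATTRS = {"ID", "AssertionID", f"{{{WSU}}}Id", f"{{{XML}}}id"}


def is_well_formed(text):
    """True if a non-validating parser (expat) accepts the document."""
    try:
        ET.fromstring(text)
        return True
    except ET.ParseError:
        return False


def audit_ids(text):
    """Return (multi, dupes): elements with >1 ID attribute, repeated ID values."""
    multi, seen = [], Counter()
    for elem in ET.fromstring(text).iter():
        ids = sorted((k, v) for k, v in elem.attrib.items() if k in ID_ATTRS)
        if len(ids) > 1:
            multi.append((elem.tag, ids))
        seen.update(v for _, v in ids)
    dupes = sorted(v for v, n in seen.items() if n > 1)
    return multi, dupes


# Constructed samples, not taken from any real deployment.
TWO_IDS = (f'<saml:Assertion xmlns:saml="{SAML}" xmlns:wsu="{WSU}" '
           'ID="_a1" wsu:Id="_a2"/>')
SAME_ATTR_TWICE = f'<saml:Assertion xmlns:saml="{SAML}" ID="_a1" ID="_a2"/>'

if __name__ == "__main__":
    print("two ID attrs well-formed:", is_well_formed(TWO_IDS))
    print("same attr twice well-formed:", is_well_formed(SAME_ATTR_TWICE))
    print("audit:", audit_ids(TWO_IDS))
```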
