
Subject: RE: [security-services] Text for response in SAML FAQ

> That's disappointing, but I don't see any other way around it.
> It means anything that uses namespaces can't be valid XML, just
> well-formed.  Time to go ask the W3C TAG, I guess.  Unless someone here
> can find a hole in my logic.

Well, most of the specs predate XML Schema, and it was intended to replace
DTDs (no arguments please), so it doesn't seem to make sense to treat
validity as solely a DTD issue, even if the XML spec contradicts that. I
don't know why everything has been left out of sync for so long.

But SAML itself is also defined in terms of XSD. So there's a question of
SAML "validity" quite apart from XML itself. And SAML specifically does not
permit any attributes to appear except the ones listed (no wildcard).
So even if it was legal in an XML instance to have two attributes of type
ID, SAML doesn't allow it. I don't think it's intended to be legal in this
amalgam I'll call "XML + namespaces + XSD" either, but I don't know.

We discussed xml:id during 2.0 development, and nobody even hinted at the
possibility that it would be legal to have a SAML ID as well as a foreign ID
attribute. I suspect no XSD-validating parsers would handle it, and if it
were legal it might just be a loophole that gets closed anyway.

-- Scott
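
A check for the condition discussed in this message, as an added example that is not part of the original post: it flags a `saml:Assertion` carrying any attribute other than the three the SAML 2.0 assertion schema lists, and in particular the pairing of `ID` with a foreign `xml:id`. The function name and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
XSI_NS = "http://www.w3.org/2001/XMLSchema-instance"
XML_ID = "{http://www.w3.org/XML/1998/namespace}id"

# Attributes the SAML 2.0 assertion schema lists for saml:Assertion (no wildcard).
ASSERTION_ATTRS = {"Version", "ID", "IssueInstant"}


def check_assertion_attributes(xml_text):
    """Return (kind, detail) findings for every saml:Assertion in xml_text.

    Illustrative helper (hypothetical name). For untrusted input, parse with a
    hardened parser such as defusedxml instead of the stdlib parser used here.
    """
    findings = []
    root = ET.fromstring(xml_text)
    for el in root.iter("{%s}Assertion" % SAML_NS):
        for name in sorted(el.attrib):
            # xsi:* attributes are handled by XSD itself, so they are skipped.
            if name.startswith("{%s}" % XSI_NS):
                continue
            if name not in ASSERTION_ATTRS:
                findings.append(("unlisted-attribute", name))
        # Two ID candidates on one element: a signature reference could
        # resolve differently depending on which one a parser honours.
        if "ID" in el.attrib and XML_ID in el.attrib:
            detail = "ID=%s xml:id=%s" % (el.get("ID"), el.get(XML_ID))
            findings.append(("two-id-attributes", detail))
    return findings


# Constructed sample documents (not taken from the thread).
GOOD = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'Version="2.0" ID="_a1" IssueInstant="2024-01-01T00:00:00Z">'
    "<saml:Issuer>https://idp.example.org</saml:Issuer></saml:Assertion>"
)
BAD = GOOD.replace('ID="_a1"', 'ID="_a1" xml:id="_b2"')

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD)):
        print(label, check_assertion_attributes(doc))
```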
