OASIS Mailing List Archives

security-services message


Subject: RE: [security-services] Text for response in SAML FAQ

>  so it doesn't seem to make sense to treat
> validity as solely a DTD issue, even if the XML spec contradicts that. I
> don't know why everything has been left out of sync for so long.

Yeah, you'd think they would have thought this was more important than
line endings and namechars for XML 1.1 :)

>  And SAML specifically does not
> permit any attributes from appearing except the ones listed (no wildcard).

Well, that's certainly a definitive answer, and I have no problem
with that.

> So even if it was legal in an XML instance to have two attributes of type
> ID, SAML doesn't allow it. I don't think it's intended to be legal in this
> amalgam I'll call "XML + namespaces + XSD" either, but I don't know.

Me either.  If you look at the validity constraints in the XML spec,
as opposed to just the well-formedness constraints, there's some
useful stuff it would be nice to have.  Schema ends up enforcing the
no-duplicate-ID values constraint, but does not seem to enforce
the no-multiple-ID attributes constraint.

>  I suspect no XSD-validating parsers would handle it, and if it
> were legal it might just be a loophole that gets closed anyway.

My feeling is the exact opposite.

Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
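
An instance-level check for the two XML 1.0 validity constraints this thread discusses (no ID value used twice, and no element with more than one ID attribute), added here as an example that is not part of the original message. Assumptions: the set of attribute names treated as ID-typed is supplied by the caller because no DTD or schema is read, and the sample document is constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Assumption: attribute names the caller treats as ID-typed.
# No DTD or schema is consulted, so this list stands in for the type information.
ID_ATTRS = frozenset({"AssertionID", "Id"})

# Constructed sample: one element carries two ID-typed attributes,
# and the value "r1" is used as an ID on two different elements.
SAMPLE = """<Response Id="r1">
  <Assertion AssertionID="a1" Id="a1x"/>
  <Assertion AssertionID="r1"/>
  <Assertion AssertionID="a2"/>
</Response>"""


def local(name):
    """Strip a '{namespace}' prefix from an ElementTree tag or attribute name."""
    return name.rsplit("}", 1)[-1]


def check_ids(xml_text, id_attrs=ID_ATTRS):
    """Return (multi_id, duplicates) for the given document.

    multi_id:   [(element name, [ID attribute names])] for every element
                that carries more than one ID-typed attribute.
    duplicates: {ID value: count} for every ID value used more than once.
    """
    # For untrusted input, parse with a hardened parser configuration instead.
    root = ET.fromstring(xml_text)
    multi_id = []
    seen = defaultdict(int)
    for el in root.iter():
        present = sorted(a for a in el.attrib if local(a) in id_attrs)
        if len(present) > 1:
            multi_id.append((local(el.tag), present))
        for attr in present:
            seen[el.attrib[attr]] += 1
    duplicates = {value: n for value, n in seen.items() if n > 1}
    return multi_id, duplicates


if __name__ == "__main__":
    multi_id, duplicates = check_ids(SAMPLE)
    print("elements with more than one ID attribute:", multi_id)
    print("ID values used more than once:", duplicates)
```

A consumer that resolves references by ID can run a check like this before dereferencing, so that an ambiguous ID is rejected rather than resolved to whichever element the parser returns first.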
