Subject: question on namespace definitions from ancestor element
A question from the SAML IOP test event has arisen. Any guidance would be appreciated.

Must an Assertion element be constructed so that it can be validated as a standalone element, outside of the enclosing Response element, with respect to its namespace definition? Or should the SP be able to obtain the namespace definition from the Response ancestor if the prefix is defined in the PrefixList attribute of the InclusiveNamespaces element? One of the parties involved cited section 5.4.3 of SAML Core that the assertion should be validated independent of the Response.

Below is the Response in question. The key part is the prefix xmlns:xs="http://www.w3.org/2001/XMLSchema" defined in the Response element and used later in an Attribute found in the
Assertion.

<samlp:Response
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:xs="http://www.w3.org/2001/XMLSchema" …// Cut out rest of the attributes>
  <saml:Assertion
      ID="Assertion-uuid7ebdc94e-0122-112e-8a00-a4a0d87c9b31"
      IssueInstant="2009-07-15T14:08:02Z" Version="2.0">
    <ds:Signature
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
        Id="uuid7ebdc964-0122-1d1f-8bcd-a4a0d87c9b31">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
        <ds:Reference URI="#Assertion-uuid7ebdc94e-0122-112e-8a00-a4a0d87c9b31">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
              <xc14n:InclusiveNamespaces
                  xmlns:xc14n="http://www.w3.org/2001/10/xml-exc-c14n#"
                  PrefixList="xsi xs saml"></xc14n:InclusiveNamespaces>
            </ds:Transform>
          </ds:Transforms>
    ...// Rest of the Signature element
    ...// More parts of the Assertion
    <saml:AttributeStatement>
      <saml:Attribute
          Name="us:gov:e-authentication:basic:assuranceLevel"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">test</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>

Kyle Meadors
Drummond Group Inc.
Principal, Test Process
817-709-1627
Calendar: http://tinyurl.com/KyleMeadors-DGI-Calendar
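
The check below is an added example, not part of the original message: it lists the namespace prefixes an Assertion relies on that are declared only on an ancestor such as the Response, including prefixes that appear only inside an xsi:type value, like xs in the message. The sample document is constructed, the function name inherited_prefixes is hypothetical, and declaring xmlns:xsi on the Response is an assumption because the message elides those attributes.

```python
from xml.dom import minidom

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
XSI = "http://www.w3.org/2001/XMLSchema-instance"

# Constructed sample modelled on the Response in the message; the Signature is
# omitted and xmlns:xsi on the Response is an assumption (attributes elided).
SAMPLE = """<samlp:Response
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <saml:Assertion ID="constructed-id" Version="2.0">
    <saml:AttributeStatement>
      <saml:Attribute Name="us:gov:e-authentication:basic:assuranceLevel">
        <saml:AttributeValue xsi:type="xs:string">test</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def inherited_prefixes(xml_text):
    """Prefixes the first Assertion uses but does not declare in its own subtree."""
    doc = minidom.parseString(xml_text)
    assertion = doc.getElementsByTagNameNS(SAML, "Assertion")[0]
    inherited = set()

    def walk(elem, outer_scope):
        scope, used = set(outer_scope), set()
        if elem.namespaceURI:
            used.add(elem.prefix or "")          # "" is the default namespace
        for attr in elem.attributes.values():
            name = attr.name
            if name == "xmlns":
                scope.add("")
            elif name.startswith("xmlns:"):
                scope.add(name[len("xmlns:"):])
            elif ":" in name:
                used.add(name.split(":", 1)[0])   # visibly used by an attribute
                # QName in content: a prefix that appears only in the value
                if attr.namespaceURI == XSI and name.endswith(":type") and ":" in attr.value:
                    used.add(attr.value.split(":", 1)[0])
        inherited.update(used - scope - {"xml"})
        for child in elem.childNodes:
            if child.nodeType == child.ELEMENT_NODE:
                walk(child, scope)
    walk(assertion, set())
    return sorted(inherited)
```

For the constructed sample the result is saml, xs and xsi; a prefix used only inside an attribute value, as xs is here, is not visibly utilized under exclusive canonicalization, so it reaches the canonical form only when it is named in the InclusiveNamespaces PrefixList.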