Subject: Re: [wss] Critical ISSUE (RE: [wss-comment] Enumerations of QName fault codes)
The fault codes are for use in the fault messages defined by SOAP. Those schema use QNames, so in this case, I don't believe we have the option to use URIs.

regards,
-Pete

On Thu, Jan 29, 2004 at 11:42:20PM -0500, Reid, Irving wrote:
> In http://www.oasis-open.org/committees/download.php/5072/oasis-200401-wss-soap-message-security-1.0.pdf, section 12, lines 1483 and forward, repeats the wsse:whatever strings. However, you're right, it doesn't look like the enumeration defined in the .xsd file is directly connected to the rest of the schema or specification. Maybe that's a bug too...
>
>  - irving -
>
> > -----Original Message-----
> > From: DeMartini, Thomas [mailto:Thomas.DeMartini@CONTENTGUARD.COM]
> >
> > Where is the simpleType "wsse:FaultcodeEnum" ever used? If it is not
> > used anywhere, how can it cause a problem?
> >
> > &Thomas.
> >
> > -----Original Message-----
> > From: Reid, Irving [mailto:irving.reid@hp.com]
> >
> > Scott pointed this out to me, and I encouraged him to send this in to
> > the comment list. Just to make sure people understand what the issue is:
> >
> > SOAP faults are defined as XML QNAMEs; that is, strings that include
> > namespace tags based on the namespace declarations in scope at the point
> > in the document instance where the QNAME is found. As an example, the
> > two following documents have exactly the same meaning under XML
> > processing rules:
> >
> >   <ws:Fault xmlns:ws="http://what/ev/er">
> >     ws:faultCodeNumberOne
> >   </ws:Fault>
> >
> >   <wsse:Fault xmlns:wsse="http://what/ev/er">
> >     wsse:faultCodeNumberOne
> >   </wsse:Fault>
> >
> > The only change is the namespace tag used within the instance; the
> > actual namespace is the same.
> >
> > However, in
> > http://www.oasis-open.org/committees/download.php/5076/oasis-200401-wss-wssecurity-secext-1.0.xsd.xsd
> > (why is this in the document repo with a duplicated file extension?),
> > right at the end of the schema, we have:
> >
> >   <xsd:simpleType name="FaultcodeEnum">
> >     <xsd:restriction base="xsd:QName">
> >       <xsd:enumeration value="wsse:UnsupportedSecurityToken"/>
> >       <xsd:enumeration value="wsse:UnsupportedAlgorithm"/>
> >       <xsd:enumeration value="wsse:InvalidSecurity"/>
> >       <xsd:enumeration value="wsse:InvalidSecurityToken"/>
> >       <xsd:enumeration value="wsse:FailedAuthentication"/>
> >       <xsd:enumeration value="wsse:FailedCheck"/>
> >       <xsd:enumeration value="wsse:SecurityTokenUnavailable"/>
> >     </xsd:restriction>
> >   </xsd:simpleType>
> >
> > This will cause a fully validating parser to reject any documents where
> > the namespace declaration doesn't always literally use "wsse" as the tag
> > for the namespace
> > "http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd".
> >
> > This violates Pretty Well All of the XML Namespace processing rules, and
> > will likely break interoperability with all sorts of fully conforming
> > XML processing tools.
> >
> > If this was my product, this would be a "Stop Ship" bug. While I am only
> > one voice, I will advise my company's OASIS voting member to vote
> > against the WSS spec at the OASIS level unless this is fixed.
> >
> >  - irving -
> >
> > > -----Original Message-----
> > > From: Scott Cantor [mailto:cantor.2@osu.edu]
> > > Sent: January 28, 2004 15:12
> > > To: wss-comment@lists.oasis-open.org
> > > Subject: [wss-comment] Enumerations of QName fault codes
> > >
> > > Hello,
> > >
> > > Commenting on the recently released committee draft schema, I'd note
> > > that it seems like a bad idea to enumerate QName fault codes in the
> > > schema. This has the unfortunate side effect of mandating a specific
> > > namespace prefix on faults that appear in document instances, which is
> > > nice in theory if you could get away with it, but is not really in the
> > > spirit of XML, IMHO.
> > >
> > > I pushed for the elimination of that approach in SAML 1.x to avoid
> > > hardcoding the prefix in the schema and just enumerating the "logical"
> > > Qnames in the spec. Of course, I think we (SSTC) may want to fix that
> > > once and for all by using URIs instead, but obviously SOAP faults are
> > > Qnames now, so in that light, my suggestion is to pull the enumeration.
> > >
> > > Failing that, it's not impossible to declare an enumeration of Qnames
> > > using the NOTATION type that are more prefix-agnostic, but I've not
> > > seen that used much.
> > >
> > > Scott C
> > > The Ohio State Univ / Internet2
> > > cantor.2@osu.edu
>
> To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/wss/members/leave_workgroup.php.

--
-Pete
pdapkus at bea.com
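The QName point discussed in this thread, as an added example that is not part of any message or of the WSS specification: it resolves a SOAP 1.1 `faultcode` against the namespace declarations in scope and compares expanded names, next to a literal string comparison for contrast. The function names and the sample faults are constructed here, and the SOAP 1.1 envelope layout is an assumption; the WSS namespace URI and `http://what/ev/er` are the ones quoted in the thread.

```python
import io
import xml.etree.ElementTree as ET

# Namespace URI as quoted in the thread for the WSS secext schema.
WSSE_NS = ("http://www.docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-secext-1.0.xsd")

def fault_code(xml_text):
    """Return <faultcode> as an expanded name: (namespace URI, local name)."""
    scopes = []  # (prefix, uri) declarations in scope, outermost first
    source = io.BytesIO(xml_text.encode("utf-8"))
    for event, data in ET.iterparse(source, ("start-ns", "end-ns", "end")):
        if event == "start-ns":
            scopes.append(data)
        elif event == "end-ns":
            scopes.pop()
        elif data.tag == "faultcode":  # unqualified child of Fault in SOAP 1.1
            prefix, _, local = (data.text or "").strip().rpartition(":")
            in_scope = dict(scopes)  # inner declarations override outer ones
            if prefix and prefix not in in_scope:
                raise ValueError(f"undeclared prefix {prefix!r}")
            return in_scope.get(prefix), local
    raise ValueError("no faultcode element")

def is_wsse_fault(xml_text, local_name):
    """Prefix-independent check: compare namespace URI and local name."""
    return fault_code(xml_text) == (WSSE_NS, local_name)

def literal_match(xml_text, qname_text):
    """Prefix-dependent check on the raw lexical form, shown for contrast."""
    root = ET.fromstring(xml_text)
    return (root.findtext(".//faultcode") or "").strip() == qname_text

# Constructed sample faults (not taken from the thread).
TEMPLATE = ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
            'xmlns:{p}="{ns}"><s:Body><s:Fault>'
            '<faultcode>{p}:FailedAuthentication</faultcode>'
            '<faultstring>constructed</faultstring>'
            '</s:Fault></s:Body></s:Envelope>')
USUAL = TEMPLATE.format(p="wsse", ns=WSSE_NS)
OTHER_PREFIX = TEMPLATE.format(p="sec", ns=WSSE_NS)
OTHER_NAMESPACE = TEMPLATE.format(p="wsse", ns="http://what/ev/er")

if __name__ == "__main__":
    for name, doc in [("usual", USUAL), ("other prefix", OTHER_PREFIX),
                      ("other namespace", OTHER_NAMESPACE)]:
        print(name, is_wsse_fault(doc, "FailedAuthentication"),
              literal_match(doc, "wsse:FailedAuthentication"))
```

The literal comparison misses the same fault under the `sec` prefix and accepts a `wsse:` code whose prefix is bound to an unrelated namespace; the expanded-name comparison gets both cases right.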