OpenSAML user discussion

[Scott Cantor <>]

> In fact, the two classes mentioned above, do not create the 
> element Evidence (they behave as in the case of the Action 
> element). For example, the following is a Request that is not 
> SAML compliant: 

I think the bug was fixed in cvs for the statement, but not for the query. I 
applied the fix there as well.

You should be aware that AuthzStatements in SAML are essentially deprecated 
at this point, and will be officially so in SAML 1.1.
That work was taken up more thoroughly by XACML.

> I have an additional question:
> why all elements are created as "nameOfTheElement" with an 
> attribute identifying the NS, instead of using 
> "SAML:nameOfTheElement"? (I know that the resulting xml is valid).

Personal preference mainly. Most of the elements don't have to carry any 
namespace declarations except for the top and when the
protocol/assertion boundary is crossed. I might change it someday when I'm 
more confident in the code, but it helps to expose errors
if the default is used and something doesn't match.

DOM3 is finally adding namespace normalization and fixup, which is long 
overdue. Current DOM APIs are more or less broken in
namespace handling anyway, since relying on the programmer to apply prefixes 
in the right places is just silly.

-- Scott

---------------------------------------------------mace-opensaml-users-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

---------------------------------------------------mace-opensaml-users--