OpenSAML user discussion

["Scott Cantor" <>]

> Now I turned it around and tried to consume an assertion containing
> such a statement, but the parser chokes:

The parser is always validating in OS1. You would *have* to register the
extension schema into the XML ParserPool for this to parse. The reason is
that xsi:type is never laxly validated, so even if you have lax extension
points (this isn't one, but just saying...) you still get validation errors
if it finds a type and there's no definition for it.

> I added the new type to the statement type map in SubjectStatement
> (which is not public) but that didn't help:

That's necessary, but not sufficient. And there should be a register method
somewhere to add your definition to the map, there's no need to do it
directly.

> Understood.  If OpenSAML2 makes this safer and easier, I can use that
> to push OS2 into Globus at some later date.  Until then, we're stuck
> with OpenSAML1.

Safer and easier, maybe, perfect, no. It makes generating and parsing the
XML more reliable, but signatures aren't really any easier when it comes to
prefixes that are only inside QNames.

-- Scott

<<attachment: winmail.dat>>