mace-opensaml-users - RE: [opensaml2.0]Validating XML Signature

Subject: OpenSAML user discussion

List archive

RE: [opensaml2.0]Validating XML Signature

From: "Scott Cantor" <>
To: <>
Subject: RE: [opensaml2.0]Validating XML Signature
Date: Tue, 5 Feb 2008 12:54:25 -0500
Organization: The Ohio State University

> It's valid. An ID just has to be a string (with a few character
> limits), not a URI or anything. So that's valid. This error is almost
> certainly screwing up the XML before the library gets it.

No, I just checked, it's not legal.

http://www.w3.org/TR/1999/REC-xml-names-19990114/#NT-NCName

Anybody accepting that as an ID has broken code. Of course, absent schema
processing, lots of ID code is brute forced and it might work by accident,
even in OpenSAML.

But somebody should inform the producer of that SAML that their code is
wrong regardless.

-- Scott

[opensaml2.0]Validating XML Signature, Dimuthu Leelarathne, 02/05/2008
- Re: [opensaml2.0]Validating XML Signature, Chad La Joie, 02/05/2008
- Re: [opensaml2.0]Validating XML Signature, Tom Scavo, 02/05/2008
  - Re: [opensaml2.0]Validating XML Signature, Chad La Joie, 02/05/2008
    - RE: [opensaml2.0]Validating XML Signature, Scott Cantor, 02/05/2008
      - Re: [opensaml2.0]Validating XML Signature, Chad La Joie, 02/05/2008
        
        Re: [opensaml2.0]Validating XML Signature, Dimuthu Leelarathne, 02/05/2008
        
        Re: [opensaml2.0]Validating XML Signature, Brent Putman, 02/06/2008
        
        Re: [opensaml2.0]Validating XML Signature, Dimuthu Leelarathne, 02/06/2008
        Re: [opensaml2.0]Validating XML Signature, Brent Putman, 02/06/2008
        
        Re: [opensaml2.0]Validating XML Signature, Dimuthu Leelarathne, 02/06/2008
  - RE: [opensaml2.0]Validating XML Signature, Scott Cantor, 02/05/2008

List archive

RE: [opensaml2.0]Validating XML Signature