mace-opensaml-users - Re: [OpenSAML] Issues marshalling XmlObject with DOM without namespace

Subject: OpenSAML user discussion

  • From: "Stepan Hrbacek" <>
  • To:
  • Subject: Re: [OpenSAML] Issues marshalling XmlObject with DOM without namespace
  • Date: Thu, 4 Dec 2008 17:10:00 +0100

2008/12/4 Scott Cantor <>
> I don't think that using non-namespace-qualified content inside SAML data
> (AttributeValue) causes some problems for DOM API or XML signatures because
> for our use case we have found following workaround that at the end produced
> valid XML data (SAML Assertion), with valid XML signatures.

No, you haven't. You got lucky and the code you used was buggy and just
happened to work. What you're describing is invalid. There is no way to use
non-namespace-qualified XML within a namespace-aware environment because the
syntax overlaps (an unqualified element is considered to be in the default
namespace). It isn't even a DOM issue per se, it's simply invalid in XML
terms and doesn't mean what you think it does.

You can of course encode the XML in some fashion (e.g. base64) so that it is
invisible to the surrounding XML and can be parsed as non-namespace-aware
XML separately.

Thank you for this argument, Scott! I hope this will finally convince our contractor to change his WS implementation. So far we were unsuccessful with our arguments!
 


> Thus I think the issue we experienced is:
> - either in the way we use OpenSAML to create AttributeValue with complex
> DOM data,
> - or it's an XmlTooling issue we reported in
> https://bugs.internet2.edu/jira/browse/JXT-42 (but this was refused by the
> XmlTooling expert)

It's neither.

There may or may not be issues with the AttributeValue handling, but there
is absolutely no way that the existing code will ever or could ever allow
non-namespaced XML to be used anywhere.

Good to know.
 


-- Scott


--Stepan
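
The two points made in the replies above, shown at the XML level as an added example (not code from this thread or from OpenSAML): an unqualified element placed under a default namespace declaration is parsed into that namespace, while a base64-encoded payload stays opaque text and can be parsed separately. It uses Python's standard library; the `person` payload and all function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample: contractor-style XML with no namespace declarations.
PAYLOAD = "<person><name>Alice</name></person>"


def embed_inline(payload):
    """Put the payload directly under an AttributeValue with a default namespace."""
    return '<AttributeValue xmlns="%s">%s</AttributeValue>' % (SAML_NS, payload)


def embed_base64(payload):
    """Put the payload under AttributeValue as base64 text, invisible to the outer XML."""
    encoded = base64.b64encode(payload.encode("utf-8")).decode("ascii")
    return '<AttributeValue xmlns="%s">%s</AttributeValue>' % (SAML_NS, encoded)


def descendant_tags(xml_text):
    """Expanded names ({namespace}local) of every element below the root."""
    root = ET.fromstring(xml_text)
    return [el.tag for el in root.iter() if el is not root]


def extract_base64_payload(xml_text):
    """Decode the opaque text content and parse it as a separate document."""
    root = ET.fromstring(xml_text)
    if len(root) != 0:
        raise ValueError("expected opaque text, found child elements")
    # validate=True rejects characters outside the base64 alphabet.
    raw = base64.b64decode((root.text or "").strip(), validate=True)
    # The decoded bytes are still untrusted input to whatever parses them.
    return ET.fromstring(raw)


if __name__ == "__main__":
    # Inline: the "unqualified" elements end up in the SAML namespace.
    print(descendant_tags(embed_inline(PAYLOAD)))
    # Base64: the outer document has no child elements at all.
    print(descendant_tags(embed_base64(PAYLOAD)))
    # Parsed on its own, the payload keeps its unqualified names.
    print(extract_base64_payload(embed_base64(PAYLOAD)).tag)
```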


