Shibboleth Developers

["Scott Cantor" <>]

Ian Young wrote on 2009-03-23:
> The reason I'm even looking at comments here is that although you can
> add arbitrary attributes to an EntityDescriptor (in your own
> namespace) that's not permitted by the schema for EntitiesDescriptor
> as far as I can tell.

Probably an accident.

> Ideally, from the point of view of putting something in the file that
> people can read to help debug downloading issues, I'd want comment A
> to be preserved by the download process.  This only ever seems to have
> been done by metadatatool, so I can see that might be a hard sell
> unless someone other than me sees some value there.  Any takers?

I think I can probably fix that, given where this serialization happens in
the SP.

> Stepping back from the ideal, I think removing all comments from
> downloaded metadata (and element white space, which is also stripped
> in the IdP default settings in internal.xml) isn't the right default.
> This space-saving micro-optimisation must have been overshadowed by
> several (decimal) orders of magnitude by the changes Chad made in
> 2.1.2 to use better data structures.  Unless I'm missing something?

Unless they're backing up the data by reserializing the DOM immediately,
there are a number of things the Java code will throw away when it goes from
DOM -> XMLObject -> DOM. It's not round-trip safe, and if they're pruning
whitespace, then apparently signatures aren't preserved either?
 
> [1] I can't figure out why this (apparently) doesn't break the
> signature on the file, at least according to oXygen.  After all, the
> signature is done using
http://www.w3.org/2001/10/xml-exc-c14n#WithComments

I don't think it could be reverifying the signature if you're saying it's
also stripping whitespace. I'm not sure how it knows not to, since the
verifier is a Metadata Filter...perhaps filters only run if it's loaded from
the remote source and not a backup?
 
-- Scott