"Cantor, Scott" <cantor(_dot_)2(_at_)osu(_dot_)edu> writes:
On 10/4/12 4:58 PM, "Sam Hartman" <hartmans(_at_)painless-security(_dot_)com>
wrote:
Any advice from the SAML community on responding to the following
comment from Simon:
If the value is not simple or is empty, then the raw value(s) of the
GSS name attribute MUST be the well-formed serialization of the
<saml:AttributeValue> element(s) encoded as UTF-8. The "display"
values are implementation-defined.
Question: what serialization is intended here? An example here would
make this more clear.
I think that was my text, possibly. I just meant that it's the XML
representation of the element, but well-formed, meaning that you have to
make sure any namespaces are declared, etc. so that if a parser were to
parse that serialization, it would be well-formed XML.
Thanks, now I understand better. I would feel more comfortable if there
were a precise reference to what "well-formed serialization" means,
especially since there is a MUST here. It ought to be possible to
determine algorithmically whether something conforms or not. Sometimes
I get the impression that "well-formed" just refers to syntactical
correctness, whereas namespace considerations are more semantic.
Perhaps the text would be improved by adding a sentence between the two
sentences above like this:
This means, for example, that the XML code includes all necessary
namespace declarations, so that a parser is able to parse and
understand the meaning of the raw value.
If there is a suitable reference to some XML standard, that is probably
better.
/Simon