Please review: DRAFT Reg of application/samlassertion+xml

Jeff.Hodges at Jeff.Hodges at
Mon Sep 20 18:28:11 CEST 2004

> On Monday, September 20, 2004, 12:23:33 PM, Graham wrote:
> GK> That wording looks OK to me.
> GK> One additional point to consider, but I think it's marginal:  the case when
> GK> the default namespace is a SAML namespace.  (In practice, I think anyone
> GK> who knows enough about XML to use this stuff will understand that case is
> GK> implied, but maybe it's better to be explicit.)
> I agree (especially in a section on magic numbers and by extension,
> magic strings) its better to avoid any mention of potentially magical
> prefixes in the registration document.
> Just state the URI of the namespace or namespaces. Since this is a +xml
> type, its okay to assume that an XML processor is being used rather than
> plain text regexps and so on. State the element local name and its
> namespace, and you are all set.

Ok, how about this...

Magic number(s):
    In general, the same as for application/xml [RFC3023]. In
    particular, the XML root element of the returned object will be
    <Assertion>, and will be in one of the version-specific SAML  
    assertion XML namespaces, as defined by the appropriate version-
    specific SAML "core" specification (see bibliography).

    With SAMLv2.0 specifically, the root element of the returned
    object may be either <saml:Assertion> or <saml:EncryptedAssertion>,
    where "saml" represents any XML namspace prefix that maps to the
    SAMLv2.0 assertion namespace URI: 



More information about the Ietf-types mailing list