Please review: DRAFT Reg of application/samlassertion+xml

Chris Lilley chris at
Mon Sep 20 19:12:09 CEST 2004

On Monday, September 20, 2004, 6:28:11 PM, Jeff wrote:

>> On Monday, September 20, 2004, 12:23:33 PM, Graham wrote:
>> GK> That wording looks OK to me.
>> GK> One additional point to consider, but I think it's marginal:  the case when
>> GK> the default namespace is a SAML namespace.  (In practice, I think anyone
>> GK> who knows enough about XML to use this stuff will understand that case is
>> GK> implied, but maybe it's better to be explicit.)
>> I agree (especially in a section on magic numbers and by extension,
>> magic strings) its better to avoid any mention of potentially magical
>> prefixes in the registration document.
>> Just state the URI of the namespace or namespaces. Since this is a +xml
>> type, its okay to assume that an XML processor is being used rather than
>> plain text regexps and so on. State the element local name and its
>> namespace, and you are all set.

JHKc> Ok, how about this...

JHKc> Magic number(s):
JHKc>     In general, the same as for application/xml [RFC3023]. In
JHKc>     particular, the XML root element of the returned object will be
JHKc>     <Assertion>, and will be in one of the version-specific SAML  
JHKc>     assertion XML namespaces, as defined by the appropriate version-
JHKc>     specific SAML "core" specification (see bibliography).

JHKc>     With SAMLv2.0 specifically, the root element of the returned
JHKc>     object may be either <saml:Assertion> or <saml:EncryptedAssertion>,
JHKc>     where "saml" represents any XML namspace prefix that maps to the
JHKc>     SAMLv2.0 assertion namespace URI: 

JHKc>        urn:oasis:names:tc:SAML:2.0:assertion.

Yeas, that is a lot better.

 Chris Lilley                    mailto:chris at
 Chair, W3C SVG Working Group
 Member, W3C Technical Architecture Group

More information about the Ietf-types mailing list