Friday, June 15, 2007

OpenSAML and Infocard

OpenSAML (to include Apache Xmlsec) and the PHP RP seem to disagree about what to do with unused namespaces during canonicalization. Xmlsec strips out the namespace declaration, whereas the PHP keeps it in. Looking at the spec, I'm going to side with Xmlsec.

Raw XML:

<attribute xsd="http://www.w3.org/2001/XMLSchema" xsi="http://www.w3.org/2001/XMLSchema-instance" attributename="surname" attributenamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"><attributevalue>MyLastName</attributevalue></attribute>

XmlSec:

<Attribute AttributeName="surname" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"><AttributeValue>MyLastName</AttributeValue></Attribute>

PHP:

<Attribute xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AttributeName="surname" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"><AttributeValue>MyLastName</AttributeValue></Attribute>

No comments: