Configuring <md:EntityDescriptor> ID attribute

Ian Young ian at iay.org.uk
Mon Feb 4 06:14:00 EST 2013


On 4 Feb 2013, at 11:02, Peter Schober <peter.schober at univie.ac.at> wrote:

> Never had any tool fail validation for that, though, at least not
> xmlsectool, xmllint, Oxygen.

Well, the failings of tools in general in the area of XML IDs are unfortunately legion (and that has had security consequences).  Having said which, I suggest you try it in a current version of oXygen; I just did and it said:

	E [Xerces] cvc-id.2: There are multiple occurrences of ID value 'wobble'.

(I put one in an EntitiesDescriptor and one on an EntityDescriptor)

Obviously you need to associate the appropriate schema, or it won't notice.

> Maybe it should just be generated then if signing="true"?

Seems like a reasonable RFE if you think it would reduce confusion.

	-- Ian
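
The duplicate-ID condition discussed in this message can also be checked without relying on a schema being associated. The following is an added example, not part of the original message or of any Shibboleth tool; the function names and the sample document are constructed, and it assumes that the unqualified `ID` attribute on SAML metadata elements and `Id` on XML Signature elements are the ID-typed attributes of interest.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample: the same ID on an EntitiesDescriptor and an EntityDescriptor.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="wobble">
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#wobble"/></ds:SignedInfo></ds:Signature>
  <md:EntityDescriptor entityID="https://idp.example.org/idp" ID="wobble"/>
  <md:EntityDescriptor entityID="https://sp.example.org/sp" ID="sp1"/>
</md:EntitiesDescriptor>"""

def label(el):
    """Readable name for an element: local name plus entityID when present."""
    name = el.tag.split("}", 1)[-1]
    eid = el.get("entityID")
    return f"{name}[{eid}]" if eid else name

def id_owners(root):
    """Map each ID value to the elements carrying it, in document order."""
    owners = defaultdict(list)
    for el in root.iter():
        # Assumption: these two attributes stand in for the schema's xs:ID typing.
        if el.tag.startswith(MD) and "ID" in el.attrib:
            owners[el.attrib["ID"]].append(label(el))
        elif el.tag.startswith(DS) and "Id" in el.attrib:
            owners[el.attrib["Id"]].append(label(el))
    return owners

def duplicate_ids(xml_text):
    """ID values that occur on more than one element (the cvc-id.2 condition)."""
    # For metadata from an untrusted source, parse with defusedxml instead.
    root = ET.fromstring(xml_text)
    return {v: o for v, o in id_owners(root).items() if len(o) > 1}

def ambiguous_references(xml_text):
    """Same-document ds:Reference URIs that do not resolve to exactly one element."""
    root = ET.fromstring(xml_text)
    owners = id_owners(root)
    return [ref.get("URI") for ref in root.iter(DS + "Reference")
            if ref.get("URI", "").startswith("#")
            and len(owners.get(ref.get("URI")[1:], [])) != 1]

if __name__ == "__main__":
    for value, elems in duplicate_ids(SAMPLE).items():
        print(f"multiple occurrences of ID value '{value}': {', '.join(elems)}")
    print("ambiguous signature references:", ambiguous_references(SAMPLE))
```
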
