SP 2.0: Metadata with EncryptionMethod elements fails to load
Ferenc Wagner
wferi at niif.hu
Tue Jan 20 19:44:42 UTC 2009
"Scott Cantor" <cantor.2 at osu.edu> writes:
> Russ Allbery wrote on 2009-01-20:
>
>> If the schemas have changed in a way that would cause 2.1 to error with
>> 2.0 schemas or 2.0 to error with 2.1 schemas, then yes, we need to version
>> the dependency on the schemas so that upgrades don't leave a system in an
>> inconsistent state.
>
> The schemas that could change (i.e. not the SAML ones) are backward
> compatible, but not forward. A valid configuration on 2.0 is guaranteed to
> validate against the 2.1 schema but not vice versa. So, yes, if you're
> packaging the schemas separately from the SP itself, you need to make sure
> that a 2.1 SP is using at least the 2.1 schemas.
The issue I had on mind was shibd 2.1 not starting with WS-Trust.xsd
removed but still referenced in the catalog, which is different, but
incidentally covered by the above rule as well.
--
Thanks,
Feri.
More information about the Pkg-shibboleth-devel
mailing list