OpenSAML 1.1.2 and Xerces-C 3.x

Scott Cantor cantor.2 at
Thu Aug 6 16:11:59 UTC 2009

Russ Allbery wrote on 2009-08-06:
> It occurs to me that I should have actually asked whether OpenSAML 1.1.2
> and Shibboleth 1.x support Xerces-C 3.x.

Nope. It's a lot of work, and would probably mean API changes (thus it would
be an OpenSAML 1.2). The only fixes I'm making to 1.x code right now are the
critical ones, to avoid creating regressions.

> If they don't, I think it's time to say goodbye to Shibboleth 1.x.  At the
> request of the Xerces-C maintainer, we're rebuilding XML-Security-C and
> its downstream consumers against Xerces-C 3.x so that 2.x can be retired,
> and having XML-Security-C built against one version of Xerces-C and
> OpenSAML against another would be a recipe for disaster if it's even
> possible.

It's not. OpenSAML 2.2 supports either Xerces, but it has to be the same one
used by XML-Security.
> If OpenSAML 1.1.2 does support Xerces-C 3.x, I might keep it around a bit
> longer.  I was going to keep Shibboleth 1.x until Stanford upgraded, since
> we seem to be doing a good approximation of the trailing edge right now,
> but since that's supposed to happen by this fall, that's probably
> irrelevant for the next Debian release.  I think regardless we don't want
> Shibboleth 1.x in squeeze, so there probably isn't a drawback to removing
> it now; I'm just being conservative.

I don't know what your release timeline is, but EOL for Shib 1.x is next
June, so after that it won't even get fixes.

-- Scott

More information about the Pkg-shibboleth-devel mailing list