OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: Schemas with choice groups replacing substitution groups

I can't see choice groups + substitution groups causing any problems that 
the individual pieces don't already have, except that it might be a bit 
confusing for schema-reading humans to follow.  I'm not familiar with PSTC 
at all, but could this be a case for model groups (i.e., using a model 
group to represent the choice group and allow it to be reused)?

         Eve

At 07:41 AM 9/28/01 -0700, Hallam-Baker, Phillip wrote:
>Bad form to follow up my own post I guess but..
>
>One of the issues that I have been asked to look at recently has been PSTC,
>the provisioning interface also bing developed by OASIS.
>
>Jeff Hodges has been making the undubitably correct point that PSTC should
>use SAML for access control.
>
>However I believe we need to go somewhat further, in particular PSTC should
>re-use SAML assertion or possibly statement elements. This would then allow
>a complete interoperable assertion based access control mechanism where the
>SAML and XACML assertions are initially created using PSTC.
>
>
>This brings us back to substitution groups(!).
>
>The choice groups we have just defined ensure that substitution group
>crippled schema validators do the right thing. Should we add the
>substitution group declarators back in however so that extensions that build
>arround the statement or assertion element don't have to replicate our
>choice groups to ensure that SAML elements can be used???
>
>
>What I am thinking is that PSTC might use is an element of the form:
>
><Provision>
>    <AttributeStatement>
>       <...Whatever...>
>
>Would choice groups + substitution groups cause problems???
>
>
>                 Phill
>
>
>Phillip Hallam-Baker FBCS C.Eng.
>Principal Scientist
>VeriSign Inc.
>pbaker@verisign.com
>781 245 6996 x227
>
>
> > -----Original Message-----
> > From: Hallam-Baker, Phillip [mailto:pbaker@verisign.com]
> > Sent: Thursday, September 27, 2001 5:26 PM
> > To: security-services@lists.oasis-open.org
> > Subject: Schemas with choice groups replacing substitution groups
> >
> >
> > All,
> >
> >       Attached are the schemas with the choice groups replacing the
> > substitution groups.
> >
> >       I introduced extra elements for subject statement and
> > query so that
> > extension schemas can key of them with an xsi:type duwinsky
> > and give maximum
> > info to the other application.
> >
> >               Phill
> >
> > Phillip Hallam-Baker FBCS C.Eng.
> > Principal Scientist
> > VeriSign Inc.
> > pbaker@verisign.com
> > 781 245 6996 x227
> >
> >
> >
>

--
Eve Maler                                    +1 781 442 3190
Sun Microsystems XML Technology Center   eve.maler @ sun.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC