OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: Schemas with choice groups replacing substitution groups

So that would be the "pro-choice" argument... :-)


Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227


> -----Original Message-----
> From: Eve L. Maler [mailto:eve.maler@sun.com]
> Sent: Friday, September 28, 2001 11:00 AM
> To: security-services@lists.oasis-open.org
> Subject: RE: Schemas with choice groups replacing substitution groups
> 
> 
> I can't see choice groups + substitution groups causing any 
> problems that 
> the individual pieces don't already have, except that it 
> might be a bit 
> confusing for schema-reading humans to follow.  I'm not 
> familiar with PSTC 
> at all, but could this be a case for model groups (i.e., 
> using a model 
> group to represent the choice group and allow it to be reused)?
> 
>          Eve
> 
> At 07:41 AM 9/28/01 -0700, Hallam-Baker, Phillip wrote:
> >Bad form to follow up my own post I guess but..
> >
> >One of the issues that I have been asked to look at recently 
> has been PSTC,
> >the provisioning interface also bing developed by OASIS.
> >
> >Jeff Hodges has been making the undubitably correct point 
> that PSTC should
> >use SAML for access control.
> >
> >However I believe we need to go somewhat further, in 
> particular PSTC should
> >re-use SAML assertion or possibly statement elements. This 
> would then allow
> >a complete interoperable assertion based access control 
> mechanism where the
> >SAML and XACML assertions are initially created using PSTC.
> >
> >
> >This brings us back to substitution groups(!).
> >
> >The choice groups we have just defined ensure that substitution group
> >crippled schema validators do the right thing. Should we add the
> >substitution group declarators back in however so that 
> extensions that build
> >arround the statement or assertion element don't have to 
> replicate our
> >choice groups to ensure that SAML elements can be used???
> >
> >
> >What I am thinking is that PSTC might use is an element of the form:
> >
> ><Provision>
> >    <AttributeStatement>
> >       <...Whatever...>
> >
> >Would choice groups + substitution groups cause problems???
> >
> >
> >                 Phill
> >
> >
> >Phillip Hallam-Baker FBCS C.Eng.
> >Principal Scientist
> >VeriSign Inc.
> >pbaker@verisign.com
> >781 245 6996 x227
> >
> >
> > > -----Original Message-----
> > > From: Hallam-Baker, Phillip [mailto:pbaker@verisign.com]
> > > Sent: Thursday, September 27, 2001 5:26 PM
> > > To: security-services@lists.oasis-open.org
> > > Subject: Schemas with choice groups replacing substitution groups
> > >
> > >
> > > All,
> > >
> > >       Attached are the schemas with the choice groups 
> replacing the
> > > substitution groups.
> > >
> > >       I introduced extra elements for subject statement and
> > > query so that
> > > extension schemas can key of them with an xsi:type duwinsky
> > > and give maximum
> > > info to the other application.
> > >
> > >               Phill
> > >
> > > Phillip Hallam-Baker FBCS C.Eng.
> > > Principal Scientist
> > > VeriSign Inc.
> > > pbaker@verisign.com
> > > 781 245 6996 x227
> > >
> > >
> > >
> >
> 
> --
> Eve Maler                                    +1 781 442 3190
> Sun Microsystems XML Technology Center   eve.maler @ sun.com
> 
> 
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>
>

Phillip Hallam-Baker (E-mail).vcf

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC