[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [security-services] A "final" proposal on status codes
I have had to re-edit the schema somewhat to conform to the coding style
previously agreed.
Is the recursive inclusion in Substatus code type intentional?? I have
assumed not since if it were intentional I would have expected notice to be
drawn to it.
<complexType name="SubStatusCodeType">
<sequence>
<element name="Value" type="QName"/>
<element name="Code" type="samlp:SubStatusCodeType"
minOccurs="0"/>
</sequence>
</complexType>
These changes result in the following schema:
<element name="Response" type="samlp:ResponseType"/>
<complexType name="ResponseType">
<complexContent>
<extension base="samlp:ResponseAbstractType">
<sequence>
<element ref="samlp:Status"/>
<element ref="saml:Assertion"
minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="Status" type="samlp:StatusType"/>
<complexType name="StatusType">
<sequence>
<element ref="samlp:StatusCode"/>
<element name="Message" type="string" minOccurs="0"
maxOccurs="unbounded"/>
<element ref="samlp:Detail" minOccurs="0"/>
</sequence>
</complexType>
<element name="StatusCode" type="samlp:StatusCodeType"/>
<complexType name="StatusCodeType">
<sequence>
<element ref="samlp:SubStatusCode" minOccurs="0"/>
</sequence>
<attribute name="Value" type="samlp:StatusCodeEnumType"/>
</complexType>
<simpleType name="StatusCodeEnumType">
<restriction base="QName">
<enumeration value="samlp:Success"/>
<enumeration value="samlp:VersionMismatch"/>
<enumeration value="samlp:Receiver"/>
<enumeration value="samlp:Sender"/>
</restriction>
</simpleType>
<element name="SubStatusCode" type="samlp:SubStatusCodeType"
minOccurs="0"/>
<complexType name="SubStatusCodeType">
<attribute name="Value" type="QName"/>
</complexType>
<element name="Detail" type="samlp:DetailType"/>
<complexType name="DetailType">
<sequence>
<any namespace="##any" processContents="lax"
minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</complexType>
Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227
> -----Original Message-----
> From: Scott Cantor [mailto:cantor.2@osu.edu]
> Sent: Wednesday, January 09, 2002 12:36 AM
> To: SAML
> Subject: [security-services] A "final" proposal on status codes
>
>
> This is largely a repost of my first proposal, with the
> schema adjusted
> to align with SOAP. XMLP has apparently tenatively approved this for
> SOAP, based on what I read.
>
> ------------------------
>
> SAML needs an extensible, more flexible status code mechanism. This
> proposal is a hierarchical Status structure to be placed
> inside Response
> as a required element. The Status element contains a nested Code tree
> in which the top level Value attribute is from a small
> defined set that
> SAML implementations must be able to create/interpret, while allowing
> arbitrary detail to be nested inside, for applications prepared to
> interpret further.
>
> I mirrored some of SOAP's top level fault codes, while keeping SAML's
> Success code, which doesn't exist in SOAP, since faults mean
> errors, not
> status. I also eliminated the Error vs Failure distinction,
> which seems
> to be intended to "kind of" mean Receiver/Sender, which is better made
> explicit. Unknown didn't make sense to me either. Please provide
> clarifications if these original codes should be kept.
>
> The proposed schema is as follows, replacing the current string
> enumeration of StatusCodeType with the new complex StatusType:
>
> <simpleType name="StatusCodeEnumType">
> <restriction base="QName">
> <enumeration value="samlp:Success"/>
> <enumeration value="samlp:VersionMismatch"/>
> <enumeration value="samlp:Receiver"/>
> <enumeration value="samlp:Sender"/>
> </restriction>
> </simpleType>
> <complexType name="StatusCodeType">
> <sequence>
> <element name="Value" type="sampl:StatusCodeEnumType"/>
> <element name="Code" type="samlp:SubStatusCodeType"
> minOccurs="0"/>
> </sequence>
> </complexType>
> <complexType name="SubStatusCodeType">
> <sequence>
> <element name="Value" type="QName"/>
> <element name="Code" type="samlp:SubStatusCodeType"
> minOccurs="0"/>
> </sequence>
> </complexType>
> <complexType name="StatusType">
> <sequence>
> <element name="Code" type="samlp:StatusCodeType"/>
> <element name="Message" type="string" minOccurs="0"
> maxOccurs="unbounded"/>
> <element name="Detail" type="anyType" minOccurs="0"/>
> </sequence>
> </complexType>
>
> In Response, delete the StatusCode attribute, and add:
>
> <element name="Status" type="samlp:StatusType"/>
>
> Some draft text for a new section, perhaps under 2.6.2 Response,
> describing the structure might be:
>
> SAML responses MUST include a Status element describing the outcome of
> the requested operation in as much detail as the receiver desires to
> express.
>
> 2.6.2.1 Element Status
>
> The Status element contains a top-level status code, and optional
> message and detail information.
>
> <Code> [Required]
> The top-level Code element MUST contain a Value element equal
> to one of
> the StatusCodeEnumType values. It MAY contain additional nested Code
> elements containing Value elements equal to arbitrary QNames.
> A receiver
> SHOULD provide nested Code elements to fully describe error conditions
> when possible, but a sender MUST be able to correctly process the
> Response in a reasonable fashion by examining only the top-level Code
> element. Four top-level values are defined:
>
> Success - The request succeeded.
>
> VersionMismatch - The receiver could not process the request
> because the
> version was incorrect.
>
> Receiver - The request could not be performed due to an error at the
> receiving end.
>
> Sender - The request could not be performed due to an error in the
> sender or in the request.
>
> <Message> [Optional]
> Any number of Message elements may be included to describe the success
> or failure condition in human-readable fashion. Multiple languages may
> be included for I18N purposes.
>
> <Detail> [Optional]
> Arbitrary well-formed XML content may be included to pass
> application or
> implementation-specific information to the sender. A receiver MUST NOT
> require the sender understand the contents of Detail in order
> to process
> the response in a reasonable fashion.
>
> The Detail element can be interpreted by agreement between sender and
> receiver and/or with use of the xsi:type attribute to describe the
> schematic type of the content.
>
> ----------------------
>
> An example of this proposal, say for the Incomplete response code Eve
> proposed would look like:
>
> <samlp:Response>
> ....
> <samlp:Status>
> <samlp:Value>samlp:Receiver</samlp:Value>
> <samlp:Code>
> <samlp:Value>samlp:Incomplete</samlp:Value>
> </samlp:Code>
> <samlp:Message>Not all the attributes could be
> obtained.</samlp:Message>
> </samlp:Status>
> </samlp:Response>
>
> The processing model (in XPath terms) specifies to examine
> Status/Value
> and optionally examine Status/Code/Value, Status/Code/Code/Value, etc.
> as desired. Only the first step is strictly required.
>
> -- Scott
>
>
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>
>
Phillip Hallam-Baker (E-mail).vcf
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC