OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Update to XPath

Greg Whitehead wrote me yesterday and pointed out that the XPath example
is incorrect.  An XPath (even using abbreviated syntax) must include
namespace prefixes if the document it applies to uses namespaces.

We can't drop in a namespace prefix without defining it.  And there can
exist multiple namespace prefixes in one XPath.  Its OK to simply use
the "xmlns:" attributes to define them.  (Here is a reference to how
xacml did the same thing:
http://lists.oasis-open.org/archives/xacml/200207/msg00056.html )


Example Redo: 
<saml:Attribute xmlns:pp="urn:liberty:id-sis-pp:2003_08"
  NameFormat=”http://www.w3.org/TR/1999/REC-XPath-19991116”
  Name=”/pp:PP/pp:LegalIdentity/pp:LegalName/text()”
  ResourceIndicator=”urn:liberty:id-sis-pp:2003_08”>
 <saml:AttributeValue xsi:type=”xs:string”>John Q.
 Doe</saml:AttributeValue>
</saml:Attribute>

This really makes use of the ResourceIndicator redundant, except in the
case where it points to an actual document.  We should make
it optional.  In which case we should change the text and make
a new revision.

This simplifies things more since, in many my use cases, the attribute
schema needs no extension. 


I'd also like to include some more examples, there seems to be some
confusion.  

Example XML document for John Doe:
<sample:body xmlns:sample="urn:saml:xpath:sample">
 <sample:foo>
  <sample:bar name="sample element1">value1</sample:bar>
 </sample:foo>
 <sample:foo>
  <sample:bar name="sample element2">value2</sample:bar>
 </sample:foo>
</sample:body>

Example attribute query:
<saml:AttributeQuery Id=...>
 <saml:Subject>
  <saml:NameID>JDoe</saml:NameID>
 <saml:Subject>
 <saml:Attribute>
  <saml:Attribute xmlns:sample="urn:saml:xpath:sample"
   NameFormat=”http://www.w3.org/TR/1999/REC-XPath-19991116”
   Name=”/sample:body/sample:foo/sample:bar”/>
  <saml:Attribute xmlns:sample="urn:saml:xpath:sample"
   NameFormat=”http://www.w3.org/TR/1999/REC-XPath-19991116”
   Name=”/sample:body/sample:foo/sample:bar/text()”/>
 </saml:Attribute>
</samle:AttributeQuery>

Resulting attribute statement:
<saml:AttributeStatement>
 <saml:Attribute>
  <saml:Attribute xmlns:sample="urn:saml:xpath:sample"
   NameFormat=”http://www.w3.org/TR/1999/REC-XPath-19991116”
   Name=”/sample:body/sample:foo/sample:bar”>
    <saml:AttributeValue>
       <sample:bar name="sample element1">value1</sample:bar>
    </saml:AttributeValue>
    <saml:AttributeValue>
       <sample:bar name="sample element2">value2</sample:bar>
    </saml:AttributeValue>
  </saml:Attribute>

  <saml:Attribute xmlns:sample="urn:saml:xpath:sample"
   NameFormat=”http://www.w3.org/TR/1999/REC-XPath-19991116”
   Name=”/sample:body/sample:foo/sample:bar/text()”>
  <saml:AttributeValue>value1</saml:AttributeValue>
  <saml:AttributeValue>value2</saml:AttributeValue>
 </saml:Attribute>
</saml:AttributeStatement>
   

- Cameron

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]