Subject: Re: [xacml-users] SAML statement extension for XACML
Hi Frédéric,

You have indeed found a bug in our profile schemas. Rather than using substitutionGroups, however, our SAML and XML experts suggest we use xsi:type, as that is what the SAML designers intended extenders to use.

One of the TC members has volunteered to work on the necessary schema changes. We have a mechanism for approving errata fixes within the TC and publishing them as non-normative documents or schemas on our web page. They can then be used as de facto standards until we can incorporate them into the next official XACML release.

I will let you know when we have a proposed solution for this. Thanks again for your comment.

Anne

Frederic Deleon wrote On 09/23/05 11:42,:
> Hello,
>
> Specification of SAML 2.0 profile of XACML defines XACMLPolicyStatement
> and XACMLAuthzDecisionStatement whose types are extensions of SAML
> StatementAbstractType element.
> It says that these statements should be placed in SAML Assertion
> elements (themselves placed inside SAML Response elements).
> As extended type from Statement I suppose.
>
> However, XACMLPolicyStatement and XACMLAuthzDecisionStatement are not
> defined as possible substitutions for Statement, as there is no
> "substitutionGroup" attribute in the XML schema, and substitutions are
> blocked anyway by blockDefault="substitution" in both schemas (SAML and
> XACML-SAML profile).
>
> So, it seems that putting XACMLPolicyStatement and
> XACMLAuthzDecisionStatement in SAML assertions is not correct according
> to schemas.
> What is your mind about this?
> Is schema of SAML extension for XACML profile normative?
>
> Thanks in advance,
> Sincerely
>
>
> Frédéric Deléon
>
>
> ---------------------------------------------------------------------
> This publicly archived list supports open discussion on using the
> XACML OASIS Standard. To minimize spam in the archives, you
> must subscribe before posting.
>
> [Un]Subscribe/change address: http://www.oasis-open.org/mlmanage/
> Alternately, using email: list-[un]subscribe@lists.oasis-open.org
> List archives: http://lists.oasis-open.org/archives/xacml-users/
> Committee homepage: http://www.oasis-open.org/committees/xacml/
> List Guidelines: http://www.oasis-open.org/maillists/guidelines.php
> Join OASIS: http://www.oasis-open.org/join/
>

--
Anne H. Anderson
Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311
Tel: 781/442-0928
Burlington, MA 01803-0902 USA
Fax: 781/442-1692
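Added example, not part of the original thread or of any OASIS schema: a sketch of how a consumer can recognise a `saml:Statement` that carries a profile type through `xsi:type`, resolving the QName prefix against the namespace declarations in scope. The profile namespace URI is a placeholder and the type name `XACMLAuthzDecisionStatementType` is an assumption; the messages above give neither.

```python
import io
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
XSI_NS = "http://www.w3.org/2001/XMLSchema-instance"
# Placeholder: the thread does not give the profile schema's namespace URI.
PROFILE_NS = "urn:example:xacml-saml-profile"
# Assumed name of the type behind the XACMLAuthzDecisionStatement element.
DECISION_TYPE = (PROFILE_NS, "XACMLAuthzDecisionStatementType")

# Constructed sample. The second statement rebinds prefix "p", so the same
# attribute text names a different type; the third has no xsi:type at all.
SAMPLE = f"""<saml:Assertion xmlns:saml="{SAML_NS}" xmlns:xsi="{XSI_NS}"
    xmlns:p="{PROFILE_NS}">
  <saml:Statement xsi:type="p:XACMLAuthzDecisionStatementType"/>
  <saml:Statement xmlns:p="urn:example:other"
      xsi:type="p:XACMLAuthzDecisionStatementType"/>
  <saml:Statement/>
</saml:Assertion>"""


def statement_types(xml_text):
    """Resolve xsi:type on each saml:Statement to (namespace, local name).

    Returns a list in document order; an entry is None when the statement
    has no xsi:type attribute.
    """
    scopes = [{}]   # stack of in-scope prefix -> namespace URI maps
    pending = {}    # declarations reported just before their start tag
    resolved = []
    source = io.BytesIO(xml_text.encode("utf-8"))
    for event, item in ET.iterparse(source, events=("start-ns", "start", "end")):
        if event == "start-ns":
            prefix, uri = item
            pending[prefix] = uri
        elif event == "start":
            scopes.append({**scopes[-1], **pending})
            pending = {}
            if item.tag == f"{{{SAML_NS}}}Statement":
                qname = item.get(f"{{{XSI_NS}}}type")
                if qname is None:
                    resolved.append(None)
                else:
                    prefix, _, local = qname.strip().rpartition(":")
                    resolved.append((scopes[-1].get(prefix), local))
        else:
            scopes.pop()
    return resolved


def is_profile_decision(resolved_type):
    """Compare on the resolved pair, never on the raw prefixed string."""
    return resolved_type == DECISION_TYPE
```

Only the first statement in the sample resolves to the profile type. A check that compared the raw attribute string would also accept the second.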