[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: XACML Status Codes and SAML Status codes
ISSUE: Populating SAML Response/Status/StatusCode/Value PROPOSAL: The following are the only permitted values, as specified by SAML, with their SAML-specified semantics. I propose that the specified XACML status codes be mapped to the corresponding SAML status codes. o urn:oasis:names:tc:SAML:2.0:status:Success SAML: The request succeeded. XACML: urn:oasis:names:tc:xacml:1.0:status:ok o urn:oasis:names:tc:SAML:2.0:status:Requester SAML: The request could not be performed due to an error on the part of the requester. XACML: urn:oasis:names:tc:xacml:1.0:status:missing-attribute Or should we map this to status:ok at the SAML protocol level? XACML: urn:oasis:names:tc:xacml:1.0:status:syntax-error where syntax-error is in Request Context. o urn:oasis:names:tc:SAML:2.0:status:Responder SAML: The request could not be performed due to an error on the part of the SAML responder or SAML authority. XACML: urn:oasis:names:tc:xacml:1.0:status:syntax-error where syntax-error is in a Policy or PolicySet. Remember that syntax-errors in Policy or PolicySet elements are not always detected in conjunction with a Query, so not all cases of Policy or PolicySet syntax errors would get reported to a requester in this way. urn:oasis:names:tc:xacml:1.0:status:processing-error o urn:oasis:names:tc:SAML:2.0:status:VersionMismatch SAML: The SAML responder could not process the request because the version of the request message was incorrect. XACML: Same as SAML. Anne -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]