[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: XACML Status Codes and SAML Status codes
ISSUE: Populating SAML Response/Status/StatusCode/Value
PROPOSAL: The following are the only permitted values, as
specified by SAML, with their SAML-specified semantics. I
propose that the specified XACML status codes be mapped to the
corresponding SAML status codes.
o urn:oasis:names:tc:SAML:2.0:status:Success
SAML: The request succeeded.
XACML: urn:oasis:names:tc:xacml:1.0:status:ok
o urn:oasis:names:tc:SAML:2.0:status:Requester
SAML: The request could not be performed due to an error
on the part of the requester.
XACML: urn:oasis:names:tc:xacml:1.0:status:missing-attribute
Or should we map this to status:ok at the SAML protocol level?
XACML: urn:oasis:names:tc:xacml:1.0:status:syntax-error
where syntax-error is in Request Context.
o urn:oasis:names:tc:SAML:2.0:status:Responder
SAML: The request could not be performed due to an error
on the part of the SAML responder or SAML authority.
XACML: urn:oasis:names:tc:xacml:1.0:status:syntax-error
where syntax-error is in a Policy or PolicySet.
Remember that syntax-errors in Policy or PolicySet elements are
not always detected in conjunction with a Query, so not all cases
of Policy or PolicySet syntax errors would get reported to a
requester in this way.
urn:oasis:names:tc:xacml:1.0:status:processing-error
o urn:oasis:names:tc:SAML:2.0:status:VersionMismatch
SAML: The SAML responder could not process the request
because the version of the request message was incorrect.
XACML: Same as SAML.
Anne
--
Anne H. Anderson Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311 Tel: 781/442-0928
Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]