Subject: Re: [xacml] Typos in the SAML profile schema


Erik,

Attached are revised versions of the XACML SAML profile schemas that I
think incorporate all the necessary corrections for the errors that you
found.

Could you please take the time to review these and get a quick "OK" or
not back to me?

Thanks,
Anne Anderson

P.S. Others on this list are also encouraged to review these.  They will
become part of the XACML SAML Profile Errata documents.

Erik Rissanen wrote:
> The list of errors I have found is attached below. I have not needed the
> protocol schema, so I have not tried to run it, rather I just noticed
> that some of the errors are in both of the schemas.
> 
> /Erik
> 
> The fifth lines in both schemas say:
>   xmlns:xs="http://www.23.org/2001/XMLSchema"
> 
> They should be:
>   xmlns:xs="http://www.w3.org/2001/XMLSchema"
> 
> There is an extra '>' at the end of line 47 in the assertion schema
> and at line 54 in the protocol schema.
> 
> The import elements at lines 18 and 20 in both schemas have incorrect
> namespace attributes. They should be the same as the target namespace
> in the imported schema documents. The attribute says "...:cd-01" while
> the schema target namespace says "...:cd". I suppose also that the
> imports should be updated to link to the latest drafts, not draft
> 01. That would also mean that the namespace prefixes "xacml-context"
> and "xacml" would need to be updated.
> 
> The element declarations have incorrect type names. What is needed is
> a namespace prefix. Currently the element declarations look like this:
> 
>   <xs:element name="XACMLPolicyStatement"
>            type="XACMLPolicyStatementType"/>
> 
> They should be something like this:
> 
>   <xs:element name="XACMLPolicyStatement"
>            type="xacml-saml:XACMLPolicyStatementType"/>
> 
> where xacml-saml needs to be defined to point to the target namespaces
> of the schemas.
> 
> The extension base type of the Complex types is incorrect, at lines 34
> and 47 in the assertion schema. It says:
> 
>       <xs:extension base="samlp:StatementAbstractType">
> 
> but the StatementAbstractType is defined in the SAML assertion schema,
> so it should be:
> 
>       <xs:extension base="saml:StatementAbstractType">
> 
> "minOccurs" on line 37 in the assertion schema is incorrectly spelled
> as "MinOccurs".
> 
> 
> On Fri, 2005-01-21 at 11:01 -0500, Anne Anderson wrote:
> 
>>I have not received any previous information about typos or other errors
>>in the SAML profile, so a list of specific errors you found would be
>>very helpful.  We can post it as an "errata" document on the web site.
>>
>>Thanks,
>>Anne
>>

-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692
<?xml version="1.0" encoding="UTF-8"?>
<schema
    targetNamespace="urn:oasis:xacml:2.0:saml:assertion:schema:os"
    xmlns="http://www.w3.org/2001/XMLSchema"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
    xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
    xmlns:xacml-saml="urn:oasis:xacml:2.0:saml:assertion:schema:os"
    elementFormDefault="unqualified"
    attributeFormDefault="unqualified"
    blockDefault="substitution"
    version="2.0">
  <xs:import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
      schemaLocation="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security"/>
  <xs:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
      schemaLocation="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security"/>
  <xs:import namespace="urn:oasis:names:tc:xacml:2.0:context:schema:os"
      schemaLocation="http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-context-schema-os.xsd"/>
  <xs:import namespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
      schemaLocation="http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-policy-schema-os.xsd"/>
  <xs:annotation>
    <xs:documentation>
        Document identifier: access_control-xacml-2.0-saml-assertion-schema-cd-02.xsd
        Location: http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-assertion-schema-cd-os.xsd
    </xs:documentation>
  </xs:annotation>
  <!--    -->
  <xs:element name="XACMLAuthzDecisionStatement"
           type="xacml-saml:XACMLAuthzDecisionStatementType"/>
  <xs:complexType name="XACMLAuthzDecisionStatementType">
    <xs:complexContent>
      <xs:extension base="saml:StatementAbstractType">
        <xs:sequence>
          <xs:element ref="xacml-context:Response"/>
          <xs:element ref="xacml-context:Request"  minOccurs="0"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <!--    -->
  <xs:element name="XACMLPolicyStatement"
           type="xacml-saml:XACMLPolicyStatementType"/>
  <xs:complexType name="XACMLPolicyStatementType">
    <xs:complexContent>
      <xs:extension base="saml:StatementAbstractType">
        <xs:choice minOccurs="0" maxOccurs="unbounded">
          <xs:element ref="xacml:Policy"/>
          <xs:element ref="xacml:PolicySet"/>
        </xs:choice>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
</schema>
<?xml version="1.0" encoding="UTF-8"?>
<schema
    targetNamespace="urn:oasis:xacml:2.0:saml:protocol:schema:os"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns="http://www.w3.org/2001/XMLSchema"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
    xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
    xmlns:xacml-samlp="urn:oasis:xacml:2.0:saml:protocol:schema:os"
    elementFormDefault="unqualified"
    attributeFormDefault="unqualified"
    blockDefault="substitution"
    version="2.0">
  <xs:import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
      schemaLocation="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security"/>
  <xs:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
      schemaLocation="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security"/>
  <xs:import namespace="urn:oasis:names:tc:xacml:2.0:context:schema:os"
      schemaLocation="http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-context-schema-os.xsd"/>
  <xs:import namespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
      schemaLocation="http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-policy-schema-os.xsd"/>
  <xs:annotation>
    <xs:documentation>
        Document identifier: access_control-xacml-2.0-saml-protocol-schema-os.xsd
        Location: http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-protocol-schema-os.xsd
    </xs:documentation>
  </xs:annotation>
  <!--    -->
  <xs:element name="XACMLAuthzDecisionQuery"
           type="xacml-samlp:XACMLAuthzDecisionQueryType"/>
  <xs:complexType name="XACMLAuthzDecisionQueryType">
    <xs:complexContent>
      <xs:extension base="samlp:RequestAbstractType">
        <xs:sequence>
          <xs:element ref="xacml-context:Request"/>
        </xs:sequence>
        <xs:attribute name="InputContextOnly"
                      type="boolean"
                      use="optional"
                      default="false"/>
        <xs:attribute name="ReturnContext"
                      type="boolean"
                      use="optional"
                      default="false"/>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <!--    -->
  <xs:element name="XACMLPolicyQuery"
           type="xacml-samlp:XACMLPolicyQueryType"/>
  <xs:complexType name="XACMLPolicyQueryType">
    <xs:complexContent>
      <xs:extension base="samlp:RequestAbstractType">
        <xs:choice minOccurs="0" maxOccurs="unbounded">
          <xs:element ref="xacml-context:Request"/>
          <xs:element ref="xacml:Target"/>
          <xs:element ref="xacml:PolicySetIdReference"/>
          <xs:element ref="xacml:PolicyIdReference"/>
        </xs:choice>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
</schema>
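
Several of the error classes in the list above (a mistyped XML Schema namespace URI, a QName whose namespace is not imported, an unprefixed reference to a locally defined type, a mis-cased attribute such as "MinOccurs") can be caught mechanically before a schema is published. The following Python script is an added example, not part of the original message or of any XACML TC tooling; `lint_schema` and the `urn:example:` sample are constructed for illustration. It covers only checks that need no access to the imported schemas, so it cannot tell `samlp:StatementAbstractType` from `saml:StatementAbstractType`.

```python
import io
import xml.etree.ElementTree as ET
XSD = "http://www.w3.org/2001/XMLSchema"
# Constructed sample (urn:example names are hypothetical), not the draft schema.
BROKEN = """<schema xmlns="http://www.w3.org/2001/XMLSchema"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:ctx="urn:example:context:cd" targetNamespace="urn:example:profile">
  <xs:import namespace="urn:example:context:cd-01"/>
  <xs:element name="Stmt" type="StmtType"/>
  <xs:complexType name="StmtType"><xs:sequence>
    <xs:element ref="ctx:Request" MinOccurs="0"/>
  </xs:sequence></xs:complexType>
</schema>"""

def lint_schema(xsd_text):
    """Return findings for the error classes in the thread (offline checks only)."""
    findings, refs, defined, imported = [], [], set(), set()
    scopes, pending, target = [{}], {}, None
    source = io.BytesIO(xsd_text.encode())
    for event, item in ET.iterparse(source, events=("start-ns", "start", "end")):
        if event == "start-ns":          # declarations arrive before their element
            pending[item[0]] = item[1]
        elif event == "end":
            scopes.pop()
        else:
            scopes.append({**scopes[-1], **pending})
            pending = {}
            ns, _, local = item.tag.rpartition("}")
            if ns[1:] != XSD:            # e.g. xs bound to a mistyped namespace URI
                findings.append(f"<{local}> is not in the XML Schema namespace")
            if target is None:           # first element is the schema root
                target = item.get("targetNamespace", "")
            if local == "import":
                imported.add(item.get("namespace", ""))
            if local in ("complexType", "simpleType"):
                defined.add(item.get("name"))
            for attr, value in item.attrib.items():
                if attr[0].isupper():    # every XSD attribute name starts lowercase
                    findings.append(f"<{local}> has misspelled attribute {attr!r}")
                if attr in ("type", "base", "ref"):
                    prefix, _, name = value.rpartition(":")
                    refs.append((value, name, scopes[-1].get(prefix)))
    imported |= {XSD, target}
    for qname, name, ns in refs:         # resolve once every import is known
        if ns not in imported:
            findings.append(f"{qname!r}: namespace {ns!r} is undeclared or not imported")
        elif ns != target and name in defined:
            findings.append(f"{qname!r} names a local type but resolves to {ns!r}")
    return findings
```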

