

Subject: Re: [xacml] Typos in the SAML profile schema


On Mon, 2005-02-14 at 11:30 -0500, Anne Anderson wrote: 
> Erik,
> 
> Attached are revised versions of the XACML SAML profile schemas that I
> think incorporate all the necessary corrections for the errors that you
> found.
> 
> Could you please take the time to review these and get a quick "OK" or
> not back to me?
> 
> Thanks,
> Anne Anderson

My application does not use the protocol schema, so I have not tested
it, but I tried the assertion schema.

The parser I am using (Xerces) does not like the schema location for the
SAML schemas. I get the following error:

org.xml.sax.SAXParseException: The declaration for the entity "ContentType" must end with '>'.

When I changed the locations from 

  <xs:import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
      schemaLocation="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security"/>
  <xs:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
      schemaLocation="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security"/>

to

  <xs:import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
      schemaLocation="http://www.oasis-open.org/committees/download.php/11027/sstc-saml-schema-assertion-2.0.xsd"/>
  <xs:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
      schemaLocation="http://www.oasis-open.org/committees/download.php/11026/sstc-saml-schema-protocol-2.0.xsd"/>

the error went away.

It also seems like the XACML 2.0 "-os.xsd" schema files are not up at
the OASIS web site yet, so the parser could not load them. I tried with
the cd:04 schema instead, which worked fine.

Just a small note: The samlp namespace prefix is not used in the
assertion schema, so it could be removed.

The schemas seem OK to me now.

Just one final caveat: I still use XACML 1.1, so to test my application
I have to change the references to the XACML 2.0 schemas to XACML 1.0. I
have not run anything with real XACML 2.0 data, but I doubt there are
any more errors since running the schemas you posted, with the above
corrections, gives no errors except the conflict between XACML 1.0 and
2.0.

/Erik
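
The two issues raised in the message above (an xs:import whose schemaLocation does not name a schema document, and a declared but unused namespace prefix) can be checked offline before a schema is published. This is an added example, not part of the original message or the OASIS schemas; `lint_schema`, the `.xsd` path heuristic and the sample's targetNamespace and element are assumptions of the example.

```python
import io
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

XS = "{http://www.w3.org/2001/XMLSchema}"
# XSD attributes whose values are QNames (memberTypes is a space-separated list).
QNAME_ATTRS = ("type", "ref", "base", "itemType", "substitutionGroup", "memberTypes")

# Constructed sample, not the real profile schema: targetNamespace and the
# element are made up; namespaces and schemaLocation URLs are from the message.
SAMPLE_XSD = """<?xml version="1.0"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    targetNamespace="urn:example:constructed-profile">
  <xs:import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
      schemaLocation="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security"/>
  <xs:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
      schemaLocation="http://www.oasis-open.org/committees/download.php/11026/sstc-saml-schema-protocol-2.0.xsd"/>
  <xs:element name="ExampleStatement" type="saml:StatementAbstractType"/>
</xs:schema>
"""

def lint_schema(xsd_text):
    """Return findings for suspicious import locations and unused prefixes."""
    prefixes, used_uris, used_prefixes, findings = {}, set(), set(), []
    source = io.BytesIO(xsd_text.encode("utf-8"))
    for event, item in ET.iterparse(source, events=("start-ns", "start")):
        if event == "start-ns":
            prefixes[item[0]] = item[1]  # (prefix, uri) declaration
            continue
        # Namespace URI of the element name itself ("{uri}local" -> "uri").
        used_uris.add(item.tag.rpartition("}")[0].lstrip("{"))
        for attr in QNAME_ATTRS:
            for qname in item.get(attr, "").split():
                if ":" in qname:
                    used_prefixes.add(qname.split(":", 1)[0])
        if item.tag == XS + "import":
            location = item.get("schemaLocation", "")
            # Heuristic (assumption of this example): a schema document URL has a
            # path ending in .xsd; anything else may return HTML to the parser.
            if location and not urlparse(location).path.lower().endswith(".xsd"):
                findings.append(("import-location", item.get("namespace"), location))
    for prefix, uri in prefixes.items():
        if prefix and prefix not in used_prefixes and uri not in used_uris:
            findings.append(("unused-prefix", prefix, uri))
    return findings

if __name__ == "__main__":
    for finding in lint_schema(SAMPLE_XSD):
        print(*finding)
```

The check never fetches the schemaLocation URLs, so it can run in a build step with no outbound network access.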



