Subject: Agenda item: approval of revised SAML profile schemas
Colleagues,

I have made additional corrections to the SAML profile schemas to address the problems that Erik encountered:

1) I inserted the URLs of the most recent SAML CD schemas into the "schemaLocation" attribute for the SAML schema import elements. It would be nice if we could use the SAML 2.0 OASIS Standard locations, but in the past they have not used "fixed" file URLs that can be predicted prior to standardization. This is at least correct for the current version of SAML, and will continue to be "correct" if SAML 2.0 is approved in its current form.

2) I removed the samlp namespace definition from the assertion schema, since, as Erik notes, it is not used.

The corrected schemas are attached.

If the TC is willing to approve these corrected schemas tomorrow, I can include them in a non-normative SAML Errata link on our home page at the same time I update all our other links to point to the normative documents.

Anne

Erik Rissanen wrote:
> On Mon, 2005-02-14 at 11:30 -0500, Anne Anderson wrote:
>
>> Erik,
>>
>> Attached are revised versions of the XACML SAML profile schemas that I
>> think incorporate all the necessary corrections for the errors that you
>> found.
>>
>> Could you please take the time to review these and get a quick "OK" or
>> not back to me?
>>
>> Thanks,
>> Anne Anderson
>
> My application does not use the protocol schema, so I have not tested
> it, but I tried the assertion schema.
>
> The parser I am using (Xerces) does not like the schema location for the
> SAML schemas. I get the following error:
>
> org.xml.sax.SAXParseException: The declaration for the entity
> "ContentType" must end with '>'.
>
> When I changed the locations from
>
> <xs:import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
>   schemaLocation="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security"/>
> <xs:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
>   schemaLocation="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security"/>
>
> to
>
> <xs:import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
>   schemaLocation="http://www.oasis-open.org/committees/download.php/11027/sstc-saml-schema-assertion-2.0.xsd"/>
> <xs:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
>   schemaLocation="http://www.oasis-open.org/committees/download.php/11026/sstc-saml-schema-protocol-2.0.xsd"/>
>
> the error went away.
>
> It also seems like the XACML 2.0 "-os.xsd" schema files are not up at
> the oasis web site yet, so the parser could not load them. I tried with
> the cd:04 schema instead which worked fine.
>
> Just a small note: The samlp namespace prefix is not used in the
> assertion schema, so it could be removed.
>
> The schema seem ok for me now.
>
> Just one final caveat: I still use XACML 1.1, so to test my application
> I have to change the references to the XACML 2.0 schemas to XACML 1.0. I
> have not run anything with real XACML 2.0 data, but I doubt there are
> any more errors since running the schemas you posted, with the above
> corrections, gives no errors except the conflict between XACML 1.0 and
> 2.0.
>
> /Erik

--
Anne H. Anderson               Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive, UBUR02-311    Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692
<?xml version="1.0" encoding="UTF-8"?>
<schema targetNamespace="urn:oasis:xacml:2.0:saml:assertion:schema:os"
        xmlns="http://www.w3.org/2001/XMLSchema"
        xmlns:xs="http://www.w3.org/2001/XMLSchema"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
        xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
        xmlns:xacml-saml="urn:oasis:xacml:2.0:saml:assertion:schema:os"
        elementFormDefault="unqualified"
        attributeFormDefault="unqualified"
        blockDefault="substitution"
        version="2.0">
  <xs:import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
             schemaLocation="http://www.oasis-open.org/committees/download.php/11027/sstc-saml-schema-assertion-2.0.xsd"/>
  <xs:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
             schemaLocation="http://www.oasis-open.org/committees/download.php/11026/sstc-saml-schema-protocol-2.0.xsd"/>
  <xs:import namespace="urn:oasis:names:tc:xacml:2.0:context:schema:os"
             schemaLocation="http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-context-schema-os.xsd"/>
  <xs:import namespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
             schemaLocation="http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-policy-schema-os.xsd"/>
  <xs:annotation>
    <xs:documentation>
      Document identifier: access_control-xacml-2.0-saml-assertion-schema-cd-02.xsd
      Location: http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-assertion-schema-cd-os.xsd
    </xs:documentation>
  </xs:annotation>
  <!-- -->
  <xs:element name="XACMLAuthzDecisionStatement" type="xacml-saml:XACMLAuthzDecisionStatementType"/>
  <xs:complexType name="XACMLAuthzDecisionStatementType">
    <xs:complexContent>
      <xs:extension base="saml:StatementAbstractType">
        <xs:sequence>
          <xs:element ref="xacml-context:Response"/>
          <xs:element ref="xacml-context:Request" minOccurs="0"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <!-- -->
  <xs:element name="XACMLPolicyStatement" type="xacml-saml:XACMLPolicyStatementType"/>
  <xs:complexType name="XACMLPolicyStatementType">
    <xs:complexContent>
      <xs:extension base="saml:StatementAbstractType">
        <xs:choice minOccurs="0" maxOccurs="unbounded">
          <xs:element ref="xacml:Policy"/>
          <xs:element ref="xacml:PolicySet"/>
        </xs:choice>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
</schema>
<?xml version="1.0" encoding="UTF-8"?>
<schema targetNamespace="urn:oasis:xacml:2.0:saml:protocol:schema:os"
        xmlns:xs="http://www.w3.org/2001/XMLSchema"
        xmlns="http://www.w3.org/2001/XMLSchema"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
        xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
        xmlns:xacml-samlp="urn:oasis:xacml:2.0:saml:protocol:schema:os"
        elementFormDefault="unqualified"
        attributeFormDefault="unqualified"
        blockDefault="substitution"
        version="2.0">
  <xs:import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
             schemaLocation="http://www.oasis-open.org/committees/download.php/11027/sstc-saml-schema-assertion-2.0.xsd"/>
  <xs:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
             schemaLocation="http://www.oasis-open.org/committees/download.php/11026/sstc-saml-schema-protocol-2.0.xsd"/>
  <xs:import namespace="urn:oasis:names:tc:xacml:2.0:context:schema:os"
             schemaLocation="http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-context-schema-os.xsd"/>
  <xs:import namespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
             schemaLocation="http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-policy-schema-os.xsd"/>
  <xs:annotation>
    <xs:documentation>
      Document identifier: access_control-xacml-2.0-saml-protocol-schema-os.xsd
      Location: http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-protocol-schema-os.xsd
    </xs:documentation>
  </xs:annotation>
  <!-- -->
  <xs:element name="XACMLAuthzDecisionQuery" type="xacml-samlp:XACMLAuthzDecisionQueryType"/>
  <xs:complexType name="XACMLAuthzDecisionQueryType">
    <xs:complexContent>
      <xs:extension base="samlp:RequestAbstractType">
        <xs:sequence>
          <xs:element ref="xacml-context:Request"/>
        </xs:sequence>
        <xs:attribute name="InputContextOnly" type="boolean" use="optional" default="false"/>
        <xs:attribute name="ReturnContext" type="boolean" use="optional" default="false"/>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <!-- -->
  <xs:element name="XACMLPolicyQuery" type="xacml-samlp:XACMLPolicyQueryType"/>
  <xs:complexType name="XACMLPolicyQueryType">
    <xs:complexContent>
      <xs:extension base="samlp:RequestAbstractType">
        <xs:choice minOccurs="0" maxOccurs="unbounded">
          <xs:element ref="xacml-context:Request"/>
          <xs:element ref="xacml:Target"/>
          <xs:element ref="xacml:PolicySetIdReference"/>
          <xs:element ref="xacml:PolicyIdReference"/>
        </xs:choice>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
</schema>
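The Xerces failure Erik describes above comes from a validating parser honouring the schemaLocation hint: it fetched whatever the tc_home.php URL returned (an HTML page, not a schema document) and tried to parse that as XSD. The defensive practice for a deployment that validates SAML/XACML messages is to resolve imported namespaces through a local catalog of pinned, vetted schema copies and never let the parser fetch remote hints at runtime. The following is an added example (not part of the thread or of the OASIS schemas) that lists the xs:import hints in a schema, classifies what each would retrieve, and reports which namespaces lack a local mapping. The sample schema and the catalog paths are constructed for this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

XS_NS = "http://www.w3.org/2001/XMLSchema"
XS_IMPORT = "{%s}import" % XS_NS

# Constructed sample schema (not one of the attached OASIS files): it carries
# the "before" location Erik reported for the SAML assertion import, the
# "after" location for the SAML protocol import, and one import with no hint.
SAMPLE_XSD = """<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
           targetNamespace="urn:example:constructed">
  <xs:import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
             schemaLocation="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security"/>
  <xs:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
             schemaLocation="http://www.oasis-open.org/committees/download.php/11026/sstc-saml-schema-protocol-2.0.xsd"/>
  <xs:import namespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os"/>
</xs:schema>
"""

# Assumed local catalog: namespace -> vetted, pinned copy on disk. The paths
# are placeholders for this example; a real deployment ships the files.
LOCAL_CATALOG = {
    "urn:oasis:names:tc:SAML:2.0:assertion": "schemas/sstc-saml-schema-assertion-2.0.xsd",
    "urn:oasis:names:tc:SAML:2.0:protocol": "schemas/sstc-saml-schema-protocol-2.0.xsd",
}


def list_imports(xsd_text):
    """Return (namespace, schemaLocation) for every xs:import in the schema.
    ElementTree does not follow schemaLocation, so nothing is fetched here."""
    root = ET.fromstring(xsd_text)
    return [(imp.get("namespace"), imp.get("schemaLocation"))
            for imp in root.iter(XS_IMPORT)]


def classify_location(location):
    """Describe what a parser that honours the hint would end up retrieving."""
    if location is None:
        return "none"            # parser must locate the schema some other way
    url = urlparse(location)
    if url.scheme in ("http", "https"):
        if url.query or not url.path.endswith(".xsd"):
            return "remote-dynamic"  # a script/HTML page, not a schema document
        return "remote"
    return "local"


def audit_imports(xsd_text, catalog):
    """One finding per import: how the hint resolves and whether the namespace
    has a pinned local copy so the remote hint never needs to be followed."""
    findings = []
    for namespace, location in list_imports(xsd_text):
        findings.append({
            "namespace": namespace,
            "schemaLocation": location,
            "kind": classify_location(location),
            "local": catalog.get(namespace),
        })
    return findings


def unresolved_namespaces(findings):
    """Namespaces for which validation would have to trust a remote hint."""
    return [f["namespace"] for f in findings if f["local"] is None]


if __name__ == "__main__":
    report = audit_imports(SAMPLE_XSD, LOCAL_CATALOG)
    for f in report:
        print("%-48s %-15s local=%s" % (f["namespace"], f["kind"], f["local"]))
    print("unresolved:", unresolved_namespaces(report))
```

Run against the constructed sample, the first import is classified remote-dynamic (the tc_home.php page that broke Xerces), the second remote (a real .xsd file, but still fetched over the network if the hint is followed), and the XACML policy namespace is reported as unresolved because the catalog has no pinned copy for it. In a JAXP-based validator the companion control is to point the SchemaFactory at the catalog copies and set the XMLConstants.ACCESS_EXTERNAL_SCHEMA property to an empty string so that no schemaLocation hint is ever fetched.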