Subject: Re: [security-services] FW: Invalid XSDs in SAML 2.0 profile of XACML
This sounds to me like a XACML issue - I am resending the email to the XACML list. Rich, did we run across this in the interop - or did we just use the new draft that Anne had prepared? - prateek > -----Original Message----- > From: Rüdiger Gartmann [mailto:ruediger.gartmann@uni-muenster.de] > Sent: Wednesday, August 29, 2007 12:33 PM > To: Hal Lockhart > Subject: Invalid XSDs in SAML 2.0 profile of XACML > > Hal, > > I hope you are the right person to address, at least you may know the > right person... > > Trying to implement the SAML 2.0 profile of XACML v2.0 (see > http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-profile-spec-os.pdf) > we found out that the XSDs which are provided on the OASIS web site > (http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-assertion-schema-os.xsd > and > http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-protocol-schema-os.xsd) > are invalid. They include a couple of typos, missing namespace > declarations, etc. I attached two revised versions to this mail which > validate correctly. > > I am wondering if nobody had the same problems, especially since this > standard was released in 2005 (and the drafts had been out even earlier, > including the same errors). > > Maybe you can send me some feedback if I did anything wrong or what the > reason for these errors is. > > Best regards, > Rüdiger > > P.S.: I am using XMLSpy 2007... 
>
> ------------------------------------------------------------------------
>
> <?xml version="1.0" encoding="UTF-8"?>
> <schema xmlns="http://www.w3.org/2001/XMLSchema" xmlns:xacmlsaml="urn:oasis:xacml:2.0:saml:assertion:schema:os" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os" xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os" targetNamespace="urn:oasis:xacml:2.0:saml:assertion:schema:os" elementFormDefault="unqualified" attributeFormDefault="unqualified" blockDefault="substitution" version="2.0"> <!-- Assertion-side schema, presumably one of the two revised
>      files the covering email says were attached. It declares
>      XACMLAuthzDecisionStatement and XACMLPolicyStatement in the target
>      namespace urn:oasis:xacml:2.0:saml:assertion:schema:os. The XML Schema
>      namespace is bound twice (as the default and as xs:); this copy uses the
>      unprefixed form throughout. Every element here is either declared at
>      top level or pulled in by ref, so elementFormDefault="unqualified" has
>      no visible effect on them. -->
>   <import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd"/>
>   <import namespace="urn:oasis:names:tc:SAML:2.0:protocol" schemaLocation="http://docs.oasis-open.org/security/saml/v2.0/saml-schema-protocol-2.0.xsd"/>
>   <import namespace="urn:oasis:names:tc:xacml:2.0:context:schema:os" schemaLocation="http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd"/>
>   <import namespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os" schemaLocation="http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"/> <!-- Each of the four imports above names its
>      schema by an absolute http:// schemaLocation. A validator that
>      dereferences these fetches schema text over an unauthenticated channel
>      at validation time. Treating schemaLocation as a hint and resolving the
>      four namespaces to locally held, reviewed copies (for example through
>      an XML catalog) removes that dependency. -->
>   <annotation> <!-- NOTE(review): the identifier below says cd-02 and the Location
>      says cd-os, while the covering email cites the published file as
>      access_control-xacml-2.0-saml-assertion-schema-os.xsd. The header text
>      looks carried over from a committee draft; confirm which name is
>      intended. -->
>     <documentation>
>       Document identifier: access_control-xacml-2.0-saml-assertion-schema-cd-02.xsd
>       Location: http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-assertion-schema-cd-os.xsd
>     </documentation>
>   </annotation>
>   <!-- XACMLAuthzDecisionStatement: a SAML statement (extension of
>        saml:StatementAbstractType) holding one required
>        xacml-context:Response, optionally followed by an
>        xacml-context:Request. Because the Request is minOccurs="0", a
>        schema-valid statement can carry a decision without the request,
>        presumably the one the decision answers. A consumer that relies on
>        seeing both has to check for the Request itself; validation will not
>        do it. -->
>   <element name="XACMLAuthzDecisionStatement" type="xacmlsaml:XACMLAuthzDecisionStatementType"/>
>   <complexType name="XACMLAuthzDecisionStatementType">
>     <complexContent>
>       <extension base="saml:StatementAbstractType">
>         <sequence>
>           <element ref="xacml-context:Response"/>
>           <element ref="xacml-context:Request" minOccurs="0"/>
>         </sequence>
>       </extension>
>     </complexContent>
>   </complexType>
>   <!-- XACMLPolicyStatement: extends saml:StatementAbstractType with zero or
>        more xacml:Policy / xacml:PolicySet elements in any order.
>        minOccurs="0" makes an empty statement schema-valid, and
>        maxOccurs="unbounded" puts no ceiling on the count, so any size limit
>        has to be enforced by the consumer. -->
>   <element name="XACMLPolicyStatement" type="xacmlsaml:XACMLPolicyStatementType"/>
>   <complexType name="XACMLPolicyStatementType">
>     <complexContent>
>       <extension base="saml:StatementAbstractType">
>         <choice minOccurs="0" maxOccurs="unbounded">
>           <element ref="xacml:Policy"/>
>           <element ref="xacml:PolicySet"/>
>         </choice>
>       </extension>
>     </complexContent>
>   </complexType>
> </schema>
>
> ------------------------------------------------------------------------
>
> <?xml version="1.0" encoding="UTF-8"?>
> <schema
>     targetNamespace="urn:oasis:xacml:2.0:saml:protocol:schema:os"
>     xmlns:xacmlsamlp="urn:oasis:xacml:2.0:saml:protocol:schema:os"
>     xmlns:xs="http://www.w3.org/2001/XMLSchema"
>     xmlns="http://www.w3.org/2001/XMLSchema"
>     xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
>     xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
>     xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
>     xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
>     elementFormDefault="unqualified"
>     attributeFormDefault="unqualified"
>     blockDefault="substitution"
>     version="2.0"> <!-- Protocol-side schema, presumably the second of the two revised
>      files the covering email says were attached. It declares
>      XACMLAuthzDecisionQuery and XACMLPolicyQuery in the target namespace
>      urn:oasis:xacml:2.0:saml:protocol:schema:os. The XML Schema namespace is
>      bound both as the default and as xs:, which is why xs:-prefixed
>      declarations sit inside an unprefixed schema root. -->
>   <xs:import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
>       schemaLocation="http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd"/>
>   <xs:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
>       schemaLocation="http://docs.oasis-open.org/security/saml/v2.0/saml-schema-protocol-2.0.xsd"/>
>   <xs:import namespace="urn:oasis:names:tc:xacml:2.0:context:schema:os"
>       schemaLocation="http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd"/>
>   <xs:import namespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
>       schemaLocation="http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"/> <!-- The four imports above use absolute http://
>      schemaLocation values. A validator that follows them retrieves schema
>      text over an unauthenticated channel; pinning the four namespaces to
>      locally held, reviewed copies keeps validation independent of that
>      fetch. -->
>   <xs:annotation>
>     <xs:documentation>
>       Document identifier: access_control-xacml-2.0-saml-protocol-schema-os.xsd
>       Location: http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-protocol-schema-os.xsd
>     </xs:documentation>
>   </xs:annotation>
>   <!-- XACMLAuthzDecisionQuery: extends samlp:RequestAbstractType with exactly
>        one xacml-context:Request and two optional attributes,
>        InputContextOnly and ReturnContext, both defaulting to false.
>        type="boolean" is unprefixed and resolves through the default
>        namespace declared on the schema root, i.e. the XML Schema boolean
>        type. -->
>   <xs:element name="XACMLAuthzDecisionQuery"
>       type="xacmlsamlp:XACMLAuthzDecisionQueryType"/>
>   <xs:complexType name="XACMLAuthzDecisionQueryType">
>     <xs:complexContent>
>       <xs:extension base="samlp:RequestAbstractType">
>         <xs:sequence>
>           <xs:element ref="xacml-context:Request"/>
>         </xs:sequence>
>         <xs:attribute name="InputContextOnly"
>             type="boolean"
>             use="optional"
>             default="false"/>
>         <xs:attribute name="ReturnContext"
>             type="boolean"
>             use="optional"
>             default="false"/>
>       </xs:extension>
>     </xs:complexContent>
>   </xs:complexType>
>   <!-- XACMLPolicyQuery: extends samlp:RequestAbstractType with zero or more
>        of xacml-context:Request, xacml:Target, xacml:PolicySetIdReference
>        and xacml:PolicyIdReference, in any order. The choice is
>        minOccurs="0" and maxOccurs="unbounded", so both an empty query and
>        an arbitrarily long one are schema-valid; a receiver that needs
>        limits has to apply them after validation. -->
>   <xs:element name="XACMLPolicyQuery"
>       type="xacmlsamlp:XACMLPolicyQueryType"/>
>   <xs:complexType name="XACMLPolicyQueryType">
>     <xs:complexContent>
>       <xs:extension base="samlp:RequestAbstractType">
>         <xs:choice minOccurs="0" maxOccurs="unbounded">
>           <xs:element ref="xacml-context:Request"/>
>           <xs:element ref="xacml:Target"/>
>           <xs:element ref="xacml:PolicySetIdReference"/>
>           <xs:element ref="xacml:PolicyIdReference"/>
>         </xs:choice>
>       </xs:extension>
>     </xs:complexContent>
>   </xs:complexType>
> </schema>
>