
 



xacml message



Subject: Re: [security-services] FW: Invalid XSDs in SAML 2.0 profile of XACML


This sounds to me like a XACML issue - I am resending the email to the 
XACML list.

Rich, did we run across this in the interop - or did we just use the new 
draft that Anne had prepared?

- prateek


> -----Original Message-----
> From: Rüdiger Gartmann [mailto:ruediger.gartmann@uni-muenster.de] 
> Sent: Wednesday, August 29, 2007 12:33 PM
> To: Hal Lockhart
> Subject: Invalid XSDs in SAML 2.0 profile of XACML 
>
> Hal,
>
> I hope you are the right person to address, at least you may know the 
> right person...
>
> Trying to implement the SAML 2.0 profile of XACML v2.0 (see 
> http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-profile-spec-os.pdf) 
> we found out that the XSDs which are provided on the OASIS web site 
> (http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-assertion-schema-os.xsd 
> and 
> http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-protocol-schema-os.xsd) 
> are invalid. They include a couple of typos, missing namespace 
> declarations, etc. I attached two revised versions to this mail which 
> validate correctly.
>
> I am wondering if nobody had the same problems, especially since this 
> standard was released in 2005 (and the drafts had been out even earlier, 
> including the same errors).
>
> Maybe you can send me some feedback if I did anything wrong or what the 
> reason for these errors is.
>
> Best regards,
> Rüdiger
>
> P.S.: I am using XMLSpy 2007...
>   
> ------------------------------------------------------------------------
>
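> <?xml version="1.0" encoding="UTF-8"?>
> <!--
>   Revised XACML 2.0 SAML assertion schema from this mail. It declares two
>   SAML statement types in urn:oasis:xacml:2.0:saml:assertion:schema:os:
>   XACMLAuthzDecisionStatement and XACMLPolicyStatement.
>   blockDefault="substitution" keeps substitution-group members from
>   standing in for the elements declared here.
> -->
> <schema xmlns="http://www.w3.org/2001/XMLSchema"
> 	xmlns:xacmlsaml="urn:oasis:xacml:2.0:saml:assertion:schema:os"
> 	xmlns:xs="http://www.w3.org/2001/XMLSchema"
> 	xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
> 	xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
> 	xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
> 	xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
> 	targetNamespace="urn:oasis:xacml:2.0:saml:assertion:schema:os"
> 	elementFormDefault="unqualified"
> 	attributeFormDefault="unqualified"
> 	blockDefault="substitution"
> 	version="2.0">
> 	<!--
> 	  All four imports name plain http:// locations. A validator that
> 	  dereferences schemaLocation at run time would fetch the schemas that
> 	  define what a valid assertion is over an unauthenticated channel.
> 	  Resolve these namespaces from local, reviewed copies (for example
> 	  through an XML catalog) and disable network fetching in the schema
> 	  loader wherever untrusted messages are validated.
> 	  NOTE(review): the two XACML locations omit the 2.0/ path segment that
> 	  the other docs.oasis-open.org/xacml URLs in this mail carry; confirm
> 	  that they resolve.
> 	-->
> 	<import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd"/>
> 	<import namespace="urn:oasis:names:tc:SAML:2.0:protocol" schemaLocation="http://docs.oasis-open.org/security/saml/v2.0/saml-schema-protocol-2.0.xsd"/>
> 	<import namespace="urn:oasis:names:tc:xacml:2.0:context:schema:os" schemaLocation="http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd"/>
> 	<import namespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os" schemaLocation="http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"/>
> 	<!--
> 	  NOTE(review): the identifier and location below say cd-02 and cd-os,
> 	  while the published file named in the mail ends in
> 	  saml-assertion-schema-os.xsd; confirm which one is intended.
> 	-->
> 	<annotation>
> 		<documentation>
>         Document identifier: access_control-xacml-2.0-saml-assertion-schema-cd-02.xsd
>         Location: http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-assertion-schema-cd-os.xsd
>     </documentation>
> 	</annotation>
> 	<!--
> 	  XACMLAuthzDecisionStatementType extends saml:StatementAbstractType with
> 	  a mandatory xacml-context:Response followed by an optional
> 	  xacml-context:Request. Schema validity covers structure only: a consumer
> 	  still has to verify the enclosing SAML assertion (signature, issuer,
> 	  validity conditions) before acting on the Response.
> 	-->
> 	<element name="XACMLAuthzDecisionStatement" type="xacmlsaml:XACMLAuthzDecisionStatementType"/>
> 	<complexType name="XACMLAuthzDecisionStatementType">
> 		<complexContent>
> 			<extension base="saml:StatementAbstractType">
> 				<sequence>
> 					<element ref="xacml-context:Response"/>
> 					<element ref="xacml-context:Request" minOccurs="0"/>
> 				</sequence>
> 			</extension>
> 		</complexContent>
> 	</complexType>
> 	<!--
> 	  XACMLPolicyStatementType extends saml:StatementAbstractType with any
> 	  number of xacml:Policy and xacml:PolicySet elements in any order,
> 	  including none. maxOccurs is unbounded, so the schema sets no upper
> 	  limit; receivers should apply their own message size limits.
> 	-->
> 	<element name="XACMLPolicyStatement" type="xacmlsaml:XACMLPolicyStatementType"/>
> 	<complexType name="XACMLPolicyStatementType">
> 		<complexContent>
> 			<extension base="saml:StatementAbstractType">
> 				<choice minOccurs="0" maxOccurs="unbounded">
> 					<element ref="xacml:Policy"/>
> 					<element ref="xacml:PolicySet"/>
> 				</choice>
> 			</extension>
> 		</complexContent>
> 	</complexType>
> </schema>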
>   
> ------------------------------------------------------------------------
>
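> <?xml version="1.0" encoding="UTF-8"?>
> <!--
>   Revised XACML 2.0 SAML protocol schema from this mail. It declares two
>   SAML request types in urn:oasis:xacml:2.0:saml:protocol:schema:os:
>   XACMLAuthzDecisionQuery and XACMLPolicyQuery.
>   The default namespace and the xs prefix are both bound to the XML Schema
>   namespace, so the unprefixed root element and the xs: children belong to
>   the same vocabulary.
> -->
> <schema
>     targetNamespace="urn:oasis:xacml:2.0:saml:protocol:schema:os"
>     xmlns:xacmlsamlp="urn:oasis:xacml:2.0:saml:protocol:schema:os"
>     xmlns:xs="http://www.w3.org/2001/XMLSchema"
>     xmlns="http://www.w3.org/2001/XMLSchema"
>     xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
>     xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
>     xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
>     xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
>     elementFormDefault="unqualified"
>     attributeFormDefault="unqualified"
>     blockDefault="substitution"
>     version="2.0">
>   <!--
>     All four imports name plain http:// locations. A validator that
>     dereferences schemaLocation at run time would fetch the schemas that
>     define what a valid query is over an unauthenticated channel. Resolve
>     these namespaces from local, reviewed copies (for example through an
>     XML catalog) and disable network fetching in the schema loader wherever
>     untrusted messages are validated.
>     NOTE(review): the two XACML locations omit the 2.0/ path segment that
>     the other docs.oasis-open.org/xacml URLs in this mail carry; confirm
>     that they resolve.
>   -->
>   <xs:import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
>       schemaLocation="http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd"/>
>   <xs:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
>       schemaLocation="http://docs.oasis-open.org/security/saml/v2.0/saml-schema-protocol-2.0.xsd"/>
>   <xs:import namespace="urn:oasis:names:tc:xacml:2.0:context:schema:os"
>       schemaLocation="http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd"/>
>   <xs:import namespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
>       schemaLocation="http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"/>
>   <xs:annotation>
>     <xs:documentation>
>         Document identifier: access_control-xacml-2.0-saml-protocol-schema-os.xsd
>         Location: http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-protocol-schema-os.xsd
>     </xs:documentation>
>   </xs:annotation>
>   <!--
>     XACMLAuthzDecisionQueryType extends samlp:RequestAbstractType with
>     exactly one xacml-context:Request and two optional boolean attributes,
>     InputContextOnly and ReturnContext, which both default to false.
>     type="boolean" is unprefixed and resolves through the default namespace,
>     so it names the same type as xs:boolean.
>   -->
>   <xs:element name="XACMLAuthzDecisionQuery"
>            type="xacmlsamlp:XACMLAuthzDecisionQueryType"/>
>   <xs:complexType name="XACMLAuthzDecisionQueryType">
>     <xs:complexContent>
>       <xs:extension base="samlp:RequestAbstractType">
>         <xs:sequence>
>           <xs:element ref="xacml-context:Request"/>
>         </xs:sequence>
>         <xs:attribute name="InputContextOnly"
>                       type="boolean"
>                       use="optional"
>                       default="false"/>
>         <xs:attribute name="ReturnContext"
>                       type="boolean"
>                       use="optional"
>                       default="false"/>
>       </xs:extension>
>     </xs:complexContent>
>   </xs:complexType>
>   <!--
>     XACMLPolicyQueryType extends samlp:RequestAbstractType with any number
>     of Request, Target, PolicySetIdReference and PolicyIdReference elements
>     in any order, including none. maxOccurs is unbounded, so the schema
>     sets no upper limit; a responder should apply its own limit on query
>     size before evaluating one.
>   -->
>   <xs:element name="XACMLPolicyQuery"
>            type="xacmlsamlp:XACMLPolicyQueryType"/>
>   <xs:complexType name="XACMLPolicyQueryType">
>     <xs:complexContent>
>       <xs:extension base="samlp:RequestAbstractType">
>         <xs:choice minOccurs="0" maxOccurs="unbounded">
>           <xs:element ref="xacml-context:Request"/>
>           <xs:element ref="xacml:Target"/>
>           <xs:element ref="xacml:PolicySetIdReference"/>
>           <xs:element ref="xacml:PolicyIdReference"/>
>         </xs:choice>
>       </xs:extension>
>     </xs:complexContent>
>   </xs:complexType>
> </schema>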
>   


