Subject: Re: [xacml] Carrying any policies
Hi David,

From http://docs.oasis-open.org/xacml/3.0/xacml-3.0-profile-saml2.0-v2-schema-protocol-wd-13.xsd

    <element name="XACMLAuthzDecisionQuery" xsi:type="xacml-samlp:XACMLAuthzDecisionQueryType"/>
    <complexType name="XACMLAuthzDecisionQueryType">
      <complexContent>
        <extension base="samlp:RequestAbstractType">
          <sequence>
            <element ref="xacml-context:Request"/>
            <element ref="xacml-samlp:AdditionalAttributes" minOccurs="0" maxOccurs="1"/>
            <element ref="xacml:Policy" minOccurs="0" maxOccurs="unbounded"/>
            <element ref="xacml:PolicySet" minOccurs="0" maxOccurs="unbounded"/>
            <element ref="xacml-saml:ReferencedPolicies" minOccurs="0" maxOccurs="1"/>
            <element ref="xacml-samlp:Extensions" minOccurs="0"/>
          </sequence>
          <attribute name="InputContextOnly" type="boolean" use="optional" default="false"/>
          <attribute name="ReturnContext" type="boolean" use="optional" default="false"/>
          <attribute name="CombinePolicies" type="boolean" use="optional" default="true"/>
        </extension>
      </complexContent>
    </complexType>

I believe that the "Extensions" element is the one you are looking for. It is defined as:

    <element name="Extensions" xsi:type="xacml-samlp:ExtensionsType"/>
    <complexType name="ExtensionsType">
      <sequence>
        <any namespace="##any" processContents="strict" minOccurs="0" maxOccurs="unbounded"/>
      </sequence>
    </complexType>

Best regards,
Erik

On 2010-11-30 10:02, David Chadwick wrote:
> Hi Hal
>
> In the notes of the F2F meeting last December 2009 it was noted
>
> Hal: propose: not change core schema;
> change saml profile to put any at end
> and pep returns indeterminate;
> lax or strict schema checking;
>
> lax,strict,skip
>
> proposal is to put in XACML-3.0-cd-1.updated-2009-May-07\XSD\
> xacml-3.0-profile-saml2.0-v2-schema-protocol-cd1.xsd
>
> just in time policies that arrive just in time for current
> request; as long as there is chain of admin policies that
> the policy is ok.
>
> Basically, policies provided must be understood one way or
> another to determine if relevant, and if can't be read, then
> pdp doesn't know what it is and must reject the request.
>
> I have been looking through the latest schema protocol document but I
> cannot find the any that was mentioned in the minutes. Do you know if
> it got forgotten about
>
> regards
>
> David
>
>
> *****************************************************************
> David W. Chadwick, BSc PhD
> Professor of Information Systems Security
> School of Computing, University of Kent, Canterbury, CT2 7NF
> Skype Name: davidwchadwick
> Tel: +44 1227 82 3221
> Fax +44 1227 762 811
> Mobile: +44 77 96 44 7184
> Email: D.W.Chadwick@kent.ac.uk
> Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
> Research Web site:
> http://www.cs.kent.ac.uk/research/groups/iss/index.html
> Entrust key validation string: MLJ9-DU5T-HV8J
> PGP Key ID is 0xBC238DE5
>
> *****************************************************************
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail. Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
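
Added example, not part of the thread and not code from the TC or the profile: an application-level screen that applies the fail-closed rule from the quoted minutes (content that cannot be understood yields Indeterminate) to the children of the Extensions wildcard. It is a sketch of one reading of that rule, not schema validation; the namespace URIs, the JustInTimePolicy and Blob elements, and the function names are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed placeholder namespaces; the real profile namespace URIs are not
# given in the message and must be taken from the schema itself.
SAMLP_NS = "urn:example:xacml-samlp"
# Hypothetical: namespaces of extension content this PDP knows how to process.
KNOWN_EXTENSION_NS = {"urn:example:jit-policy"}

def split_tag(tag):
    """Return (namespace, localname) for an ElementTree '{ns}local' tag."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag

def screen_extensions(query_xml, known_ns=KNOWN_EXTENSION_NS):
    """Return ("Proceed", []) or ("Indeterminate", [unrecognised tags]).

    Fails closed: an unparseable query, or any Extensions child in a
    namespace with no registered handler, is never silently skipped.
    """
    try:
        root = ET.fromstring(query_xml)
    except ET.ParseError:
        return "Indeterminate", ["<unparseable query>"]
    unknown = []
    for ext in root.findall(f"{{{SAMLP_NS}}}Extensions"):
        for child in ext:
            ns, local = split_tag(child.tag)
            if ns not in known_ns:
                unknown.append(f"{{{ns}}}{local}")
    return ("Indeterminate", unknown) if unknown else ("Proceed", [])

# Constructed sample queries (the Request element is reduced to an empty stub).
QUERY_KNOWN = f"""<q:XACMLAuthzDecisionQuery xmlns:q="{SAMLP_NS}" xmlns:j="urn:example:jit-policy">
  <Request xmlns="urn:example:xacml-context"/>
  <q:Extensions><j:JustInTimePolicy id="p1"/></q:Extensions>
</q:XACMLAuthzDecisionQuery>"""

QUERY_UNKNOWN = QUERY_KNOWN.replace(
    "</q:Extensions>", '<v:Blob xmlns:v="urn:example:vendor"/></q:Extensions>')

if __name__ == "__main__":
    for name, q in (("known", QUERY_KNOWN), ("unknown", QUERY_UNKNOWN)):
        print(name, screen_extensions(q))
```
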