
saml-dev message



Subject: FW: Invalid XSDs in SAML 2.0 profile of XACML




-----Original Message-----
From: Rüdiger Gartmann [mailto:ruediger.gartmann@uni-muenster.de] 
Sent: Wednesday, August 29, 2007 12:33 PM
To: Hal Lockhart
Subject: Invalid XSDs in SAML 2.0 profile of XACML 

Hal,

I hope you are the right person to address, at least you may know the 
right person...

Trying to implement the SAML 2.0 profile of XACML v2.0 (see 
http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-profile-spec-os.pdf) 
we found out that the XSDs which are provided on the OASIS web site 
(http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-assertion-schema-os.xsd 
and 
http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-protocol-schema-os.xsd) 
are invalid. They include a couple of typos, missing namespace 
declarations, etc. I attached two revised versions to this mail which 
validate correctly.

I am wondering whether nobody else has run into the same problems, 
especially since this standard was released in 2005 (and the drafts, 
which included the same errors, had been out even earlier).

Perhaps you can tell me whether I did anything wrong, or what the 
reason for these errors is.

Best regards,
Rüdiger

P.S.: I am using XMLSpy 2007...
-- 
Dipl.-Wirt.Inform. Rüdiger Gartmann

Institut für Geoinformatik
Westfälische Wilhelms-Universität Münster
Robert-Koch-Str. 26-28
D-48149 Münster, Germany

***************************************************
**** Vorübergehend neue Telefon- und Faxnummer ****
**                                               **
**           Tel: +49 251 / 7474 - 301           **
**           Fax: +49 251 / 7474 - 100           **
**                                               **
****** Temporarily new phone and fax numbers ******
***************************************************

E-Mail: ruediger.gartmann@uni-muenster.de
http://ifgi.uni-muenster.de

DFN-Wurzelzertifikat / DFN-Root-Certificate:
https://pki.pca.dfn.de/wwu-ca/pub/cacert/rootcert.crt
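<?xml version="1.0" encoding="UTF-8"?>
<!--
	XACML 2.0 SAML profile: assertion schema (revised copy).
	Declares two SAML statement types, both extending saml:StatementAbstractType:
	XACMLAuthzDecisionStatement and XACMLPolicyStatement.

	Only whitespace may follow the closing quote of an attribute value. A stray
	";" after the XMLSchema namespace URIs (some mail archives insert one after a
	quoted URL) makes the document not well-formed, so none appears here.

	blockDefault="substitution" stops substitution-group members from standing in
	for the elements declared here unless a declaration overrides it.
-->
<schema xmlns="http://www.w3.org/2001/XMLSchema"
	xmlns:xs="http://www.w3.org/2001/XMLSchema"
	xmlns:xacmlsaml="urn:oasis:xacml:2.0:saml:assertion:schema:os"
	xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
	xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
	xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
	xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
	targetNamespace="urn:oasis:xacml:2.0:saml:assertion:schema:os"
	elementFormDefault="unqualified"
	attributeFormDefault="unqualified"
	blockDefault="substitution"
	version="2.0">
	<!--
		schemaLocation is only a hint, and these hints use plain http. A validator
		that guards authorization messages should resolve the four imported
		namespaces from local, reviewed copies (for example through an XML catalog)
		instead of fetching them at validation time.
		NOTE(review): the two XACML locations omit the "2.0/" path segment that the
		Location in the annotation below uses; confirm they resolve.
	-->
	<import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd"/>
	<import namespace="urn:oasis:names:tc:SAML:2.0:protocol" schemaLocation="http://docs.oasis-open.org/security/saml/v2.0/saml-schema-protocol-2.0.xsd"/>
	<import namespace="urn:oasis:names:tc:xacml:2.0:context:schema:os" schemaLocation="http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd"/>
	<import namespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os" schemaLocation="http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"/>
	<!--
		NOTE(review): the identifier (cd-02) and the location (cd-os) below disagree
		with each other; confirm which file name is intended.
	-->
	<annotation>
		<documentation>
        Document identifier: access_control-xacml-2.0-saml-assertion-schema-cd-02.xsd
        Location: http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-assertion-schema-cd-os.xsd
    </documentation>
	</annotation>
	<!--
		XACMLAuthzDecisionStatement: a SAML statement that carries exactly one
		xacml-context:Response and, optionally, the xacml-context:Request it answers.
		Schema validity covers structure only. A consumer still has to authenticate
		the enclosing SAML assertion (issuer, signature, validity period) before
		acting on the decision. When the optional Request is omitted the statement
		holds no in-band record of which request the decision belongs to, so the
		consumer has to correlate it by other means.
	-->
	<element name="XACMLAuthzDecisionStatement" type="xacmlsaml:XACMLAuthzDecisionStatementType"/>
	<complexType name="XACMLAuthzDecisionStatementType">
		<complexContent>
			<extension base="saml:StatementAbstractType">
				<sequence>
					<element ref="xacml-context:Response"/>
					<element ref="xacml-context:Request" minOccurs="0"/>
				</sequence>
			</extension>
		</complexContent>
	</complexType>
	<!--
		XACMLPolicyStatement: a SAML statement that carries any number (zero or
		more, in any order) of xacml:Policy and xacml:PolicySet elements.
		maxOccurs="unbounded" puts no ceiling on the payload, so a receiver should
		bound message size itself, and should load policies only from assertions
		whose issuer it trusts to author policy.
	-->
	<element name="XACMLPolicyStatement" type="xacmlsaml:XACMLPolicyStatementType"/>
	<complexType name="XACMLPolicyStatementType">
		<complexContent>
			<extension base="saml:StatementAbstractType">
				<choice minOccurs="0" maxOccurs="unbounded">
					<element ref="xacml:Policy"/>
					<element ref="xacml:PolicySet"/>
				</choice>
			</extension>
		</complexContent>
	</complexType>
</schema>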
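<?xml version="1.0" encoding="UTF-8"?>
<!--
  XACML 2.0 SAML profile: protocol schema (revised copy).
  Declares two SAML request types, both extending samlp:RequestAbstractType:
  XACMLAuthzDecisionQuery and XACMLPolicyQuery.

  Only whitespace may follow the closing quote of an attribute value. A stray
  ";" after the XMLSchema namespace URIs (some mail archives insert one after a
  quoted URL) makes the document not well-formed, so none appears here.

  The xs prefix is used for every schema construct, including the root element
  and the built-in boolean type. The default namespace is bound to the same URI
  and is kept so that unprefixed names resolve as before.

  blockDefault="substitution" stops substitution-group members from standing in
  for the elements declared here unless a declaration overrides it.
-->
<xs:schema
    targetNamespace="urn:oasis:xacml:2.0:saml:protocol:schema:os"
    xmlns:xacmlsamlp="urn:oasis:xacml:2.0:saml:protocol:schema:os"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns="http://www.w3.org/2001/XMLSchema"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
    xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
    elementFormDefault="unqualified"
    attributeFormDefault="unqualified"
    blockDefault="substitution"
    version="2.0">
  <!--
    schemaLocation is only a hint, and these hints use plain http. A validator
    that guards authorization messages should resolve the four imported
    namespaces from local, reviewed copies (for example through an XML catalog)
    instead of fetching them at validation time.
    NOTE(review): the two XACML locations omit the "2.0/" path segment that the
    Location in the annotation below uses; confirm they resolve.
  -->
  <xs:import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
      schemaLocation="http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd"/>
  <xs:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
      schemaLocation="http://docs.oasis-open.org/security/saml/v2.0/saml-schema-protocol-2.0.xsd"/>
  <xs:import namespace="urn:oasis:names:tc:xacml:2.0:context:schema:os"
      schemaLocation="http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd"/>
  <xs:import namespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
      schemaLocation="http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"/>
  <xs:annotation>
    <xs:documentation>
        Document identifier: access_control-xacml-2.0-saml-protocol-schema-os.xsd
        Location: http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-protocol-schema-os.xsd
    </xs:documentation>
  </xs:annotation>
  <!--
    XACMLAuthzDecisionQuery: a SAML request that carries exactly one
    xacml-context:Request. Both attributes are optional booleans that default
    to false.
    In the SAML profile of XACML, InputContextOnly="true" restricts the decision
    to the information supplied in the query, and ReturnContext="true" asks for
    the evaluated Request to be returned with the decision (verify the exact
    wording against the profile specification).
    Schema validity covers structure only; the responder still has to
    authenticate the requester before evaluating the query.
  -->
  <xs:element name="XACMLAuthzDecisionQuery"
           type="xacmlsamlp:XACMLAuthzDecisionQueryType"/>
  <xs:complexType name="XACMLAuthzDecisionQueryType">
    <xs:complexContent>
      <xs:extension base="samlp:RequestAbstractType">
        <xs:sequence>
          <xs:element ref="xacml-context:Request"/>
        </xs:sequence>
        <xs:attribute name="InputContextOnly"
                      type="xs:boolean"
                      use="optional"
                      default="false"/>
        <xs:attribute name="ReturnContext"
                      type="xs:boolean"
                      use="optional"
                      default="false"/>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <!--
    XACMLPolicyQuery: a SAML request that carries any number (zero or more, in
    any order) of xacml-context:Request, xacml:Target, xacml:PolicySetIdReference
    and xacml:PolicyIdReference elements.
    maxOccurs="unbounded" puts no ceiling on the payload, so a responder should
    bound message size itself. Policies can reveal access rules, so the responder
    should also check that the requester is allowed to read them before answering.
  -->
  <xs:element name="XACMLPolicyQuery"
           type="xacmlsamlp:XACMLPolicyQueryType"/>
  <xs:complexType name="XACMLPolicyQueryType">
    <xs:complexContent>
      <xs:extension base="samlp:RequestAbstractType">
        <xs:choice minOccurs="0" maxOccurs="unbounded">
          <xs:element ref="xacml-context:Request"/>
          <xs:element ref="xacml:Target"/>
          <xs:element ref="xacml:PolicySetIdReference"/>
          <xs:element ref="xacml:PolicyIdReference"/>
        </xs:choice>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
</xs:schema>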

