Subject: Sanity Check
So, these are three examples that I threw together that validate against the current schema proposals (with one minor change that I am currently discussing with Phil on another thread *). They should give you an idea of what SAML Assertions will look like under the current proposal.

Can you please look these over and tell me if they represent what we all think the schema currently expresses? Or, alternatively, if I have failed to grasp something in creating the examples, that would also be a good thing to know.

I haven't done an example of the Assertion List yet, but I may do one after whatever discussion we have about these is done.

Don't worry about the namespace locators in the <Assertion> element. Ultimately they will point to where we publicly make the SAML schemas available, but for now they just point to copies of the schema on my desktop.

C.

(* At present the Assertion element has a type that cannot be instantiated because it is explicitly marked as abstract. I believe this is just an artefact of a previous schema where we had multiple Assertion types rather than multiple Statement types. The minor change is removing the "abstract=true" declaration from the AssertionType definition.)

<?xml version="1.0" encoding="UTF-8"?>
<Assertion MajorVersion="1" MinorVersion="0"
    AssertionID="http://www.example.com/assertion/a8D44fgH5"
    Issuer="Example Corporation"
    IssueInstant="UTC Time"
    xmlns="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-assertion-16.xsd"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-assertion-16.xsd C:\DOCUME~1\cmclaren\Desktop\draft-sstc-schema-assertion-16.xsd">
  <Conditions NotBefore="Jun 16 2001" NotOnOrAfter="Jun 17 2001">
    <AbstractCondition xsi:type="AudienceRestrictionConditionType">
      <Audience>http://www.example.com/partners/agreements/bind014.xml</Audience>
    </AbstractCondition>
  </Conditions>
  <AttributeStatement>
    <Subject>
      <NameIdentifier Name="John Q. Public" SecurityDomain="Example Corporation"/>
      <SubjectConfirmation>
        <ConfirmationMethod>http://www.w3.org/2000/09/xmldsig#rsa-sha1</ConfirmationMethod>
        <ds:KeyInfo>
          <ds:KeyValue>
            <ds:DSAKeyValue>
              <ds:P>
                /X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9s
                ubVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bT
                xR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAcc=
              </ds:P>
              <ds:Q>l2BQjxUjC8yykrmCouuEC/BYHPU=</ds:Q>
              <ds:G>
                9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFn
                Ej6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTx
                vqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSo=
              </ds:G>
              <ds:Y>
                i5/D5JhXm/ZbA+ivdGTdqrrAu/HHkiMDit6J1/KFJLKkTidMzM5xJADzxw6Tj+mKji
                +fJee5EHlQF90a7apwYTxpE6JZN8BMhOu8zw6wFEhRg4xQBUerV0fRPkeN5PpyioN6
                RvbHftp/ITUlqN9N53lVTWdc9CHYat6PuOtfTWA=
              </ds:Y>
            </ds:DSAKeyValue>
          </ds:KeyValue>
          <ds:X509Data>
            <ds:X509SubjectName>
              CN=SomeUser, OU=Some Group, O=Example, L=SomeCity, ST=SomeState, C=SomeCountry
            </ds:X509SubjectName>
            <ds:X509Certificate>
              MIIDMTCCAu8CBDqIR9gwCwYHKoZIzjgEAwUAMH4xCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNz
              YWNodXNldHRzMRAwDgYDVQQHEwdNZXRodWVuMRIwEAYDVQQKEwlOZXRlZ3JpdHkxGTAXBgNVBAsT
              EEIyQiBBZ2VudHMgR3JvdXAxFjAUBgNVBAMTDVJvYmVydCBUYXlsb3IwHhcNMDEwMjEyMjAzMDE2
              WhcNMDEwNTEzMjAzMDE2WjB+MQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czEQ
              MA4GA1UEBxMHTWV0aHVlbjESMBAGA1UEChMJTmV0ZWdyaXR5MRkwFwYDVQQLExBCMkIgQWdlbnRz
              IEdyb3VwMRYwFAYDVQQDEw1Sb2JlcnQgVGF5bG9yMIIBuDCCASwGByqGSM44BAEwggEfAoGBAP1/
              U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00
              b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith
              1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmU
              r7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOu
              HiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYUA
              AoGBAIufw+SYV5v2WwPor3Rk3aq6wLvxx5IjA4reidfyhSSypE4nTMzOcSQA88cOk4/pio4vnyXn
              uRB5UBfdGu2qcGE8aROiWTfATITrvM8OsBRIUYOMUAVHq1dH0T5HjeT6coqDekb2x37afyE1Jajf
              Ted5VU1nXPQh2Grej7jrX01gMAsGByqGSM44BAMFAAMvADAsAhRy+2AJp8ZZ8OVSe02TsjZ21p0W
              BQIUOvsjuK7l5yd7l5WvjEmP+MVzSJg=
            </ds:X509Certificate>
          </ds:X509Data>
        </ds:KeyInfo>
      </SubjectConfirmation>
    </Subject>
    <Attribute AttributeName="CreditRating"
        AttributeNamespace="http://www.example.com/standard/credit.xsd">
      <AttributeValue>
        <cr:CreditRating xmlns:cr="http://www.example.com/standard/credit.xsd">
          <cr:RatingBody>TRW</cr:RatingBody>
          <cr:Score>AAA</cr:Score>
        </cr:CreditRating>
      </AttributeValue>
    </Attribute>
  </AttributeStatement>
</Assertion>

<?xml version="1.0" encoding="UTF-8"?>
<Assertion MajorVersion="1" MinorVersion="0"
    AssertionID="http://www.example.com/assertion/a3E4fgH5"
    Issuer="Example Corporation"
    IssueInstant="UTC Time"
    xmlns="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-assertion-16.xsd"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-assertion-16.xsd C:\DOCUME~1\cmclaren\Desktop\draft-sstc-schema-assertion-16.xsd">
  <Conditions NotBefore="Jun 16 2001" NotOnOrAfter="Jun 17 2001">
    <AbstractCondition xsi:type="AudienceRestrictionConditionType">
      <Audience>http://www.example.com/partners/agreements/bind004.xml</Audience>
    </AbstractCondition>
  </Conditions>
  <Advice>
    <contact:Person xmlns:contact="http://www.example.com/standard/contact.xsd">
      <contact:First>John</contact:First>
      <contact:Last>Public</contact:Last>
      <contact:Title>Office Manager</contact:Title>
      <contact:PhoneExt>114</contact:PhoneExt>
      <contact:EMail>johnqpublic@example.com</contact:EMail>
      <contact:Office>
        <contact:Name>Example Corporation</contact:Name>
        <contact:Established>2001-03-01</contact:Established>
        <contact:Address>
          <contact:street>9865 Street Street, Suite 123</contact:street>
          <contact:city>Somecity</contact:city>
          <contact:state>MA</contact:state>
          <contact:zip>02451</contact:zip>
        </contact:Address>
        <contact:Phone>+1 (555) 555 5555</contact:Phone>
        <contact:Fax>+1 (555) 555 5556</contact:Fax>
        <contact:EMail>inquiries@example.com</contact:EMail>
      </contact:Office>
    </contact:Person>
  </Advice>
  <AuthenticationStatement AuthenticationInstant="UTC Time"
      AuthenticationMethod="http://www.w3.org/2000/09/xmldsig#rsa-sha1">
    <Subject>
      <NameIdentifier Name="John Q. Public" SecurityDomain="Example Corporation"/>
      <SubjectConfirmation>
        <ConfirmationMethod>http://www.w3.org/2000/09/xmldsig#rsa-sha1</ConfirmationMethod>
        <ds:KeyInfo>
          <ds:KeyValue>
            <ds:DSAKeyValue>
              <ds:P>
                /X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9s
                ubVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bT
                xR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAcc=
              </ds:P>
              <ds:Q>l2BQjxUjC8yykrmCouuEC/BYHPU=</ds:Q>
              <ds:G>
                9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFn
                Ej6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTx
                vqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSo=
              </ds:G>
              <ds:Y>
                i5/D5JhXm/ZbA+ivdGTdqrrAu/HHkiMDit6J1/KFJLKkTidMzM5xJADzxw6Tj+mKji
                +fJee5EHlQF90a7apwYTxpE6JZN8BMhOu8zw6wFEhRg4xQBUerV0fRPkeN5PpyioN6
                RvbHftp/ITUlqN9N53lVTWdc9CHYat6PuOtfTWA=
              </ds:Y>
            </ds:DSAKeyValue>
          </ds:KeyValue>
          <ds:X509Data>
            <ds:X509SubjectName>
              CN=SomeUser, OU=Some Group, O=Example, L=SomeCity, ST=SomeState, C=SomeCountry
            </ds:X509SubjectName>
            <ds:X509Certificate>
              MIIDMTCCAu8CBDqIR9gwCwYHKoZIzjgEAwUAMH4xCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNz
              YWNodXNldHRzMRAwDgYDVQQHEwdNZXRodWVuMRIwEAYDVQQKEwlOZXRlZ3JpdHkxGTAXBgNVBAsT
              EEIyQiBBZ2VudHMgR3JvdXAxFjAUBgNVBAMTDVJvYmVydCBUYXlsb3IwHhcNMDEwMjEyMjAzMDE2
              WhcNMDEwNTEzMjAzMDE2WjB+MQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czEQ
              MA4GA1UEBxMHTWV0aHVlbjESMBAGA1UEChMJTmV0ZWdyaXR5MRkwFwYDVQQLExBCMkIgQWdlbnRz
              IEdyb3VwMRYwFAYDVQQDEw1Sb2JlcnQgVGF5bG9yMIIBuDCCASwGByqGSM44BAEwggEfAoGBAP1/
              U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00
              b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith
              1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmU
              r7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOu
              HiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYUA
              AoGBAIufw+SYV5v2WwPor3Rk3aq6wLvxx5IjA4reidfyhSSypE4nTMzOcSQA88cOk4/pio4vnyXn
              uRB5UBfdGu2qcGE8aROiWTfATITrvM8OsBRIUYOMUAVHq1dH0T5HjeT6coqDekb2x37afyE1Jajf
              Ted5VU1nXPQh2Grej7jrX01gMAsGByqGSM44BAMFAAMvADAsAhRy+2AJp8ZZ8OVSe02TsjZ21p0W
              BQIUOvsjuK7l5yd7l5WvjEmP+MVzSJg=
            </ds:X509Certificate>
          </ds:X509Data>
        </ds:KeyInfo>
      </SubjectConfirmation>
    </Subject>
    <AuthenticationLocality DNSAddress="www.example.com" IPAddress="128.9.167.32"/>
  </AuthenticationStatement>
</Assertion>

<?xml version="1.0" encoding="UTF-8"?>
<Assertion MajorVersion="1" MinorVersion="0"
    AssertionID="http://www.example.com/assertion/a3E46D45"
    Issuer="Example Corporation"
    IssueInstant="UTC Time"
    xmlns="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-assertion-16.xsd"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-assertion-16.xsd C:\DOCUME~1\cmclaren\Desktop\draft-sstc-schema-assertion-16.xsd">
  <Conditions NotBefore="Jun 16 2001" NotOnOrAfter="Jun 17 2001">
    <AbstractCondition xsi:type="AudienceRestrictionConditionType">
      <Audience>http://www.example.com/partners/agreements/bind024.xml</Audience>
    </AbstractCondition>
  </Conditions>
  <AuthorizationStatement Decision="Permit"
      Resource="order://www.example.com/we9OIJDd987">
    <Subject>
      <NameIdentifier Name="John Q. Public" SecurityDomain="Example Corporation"/>
      <SubjectConfirmation>
        <ConfirmationMethod>http://www.w3.org/2000/09/xmldsig#rsa-sha1</ConfirmationMethod>
        <ds:KeyInfo>
          <ds:KeyValue>
            <ds:DSAKeyValue>
              <ds:P>
                /X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9s
                ubVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bT
                xR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAcc=
              </ds:P>
              <ds:Q>l2BQjxUjC8yykrmCouuEC/BYHPU=</ds:Q>
              <ds:G>
                9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFn
                Ej6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTx
                vqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSo=
              </ds:G>
              <ds:Y>
                i5/D5JhXm/ZbA+ivdGTdqrrAu/HHkiMDit6J1/KFJLKkTidMzM5xJADzxw6Tj+mKji
                +fJee5EHlQF90a7apwYTxpE6JZN8BMhOu8zw6wFEhRg4xQBUerV0fRPkeN5PpyioN6
                RvbHftp/ITUlqN9N53lVTWdc9CHYat6PuOtfTWA=
              </ds:Y>
            </ds:DSAKeyValue>
          </ds:KeyValue>
          <ds:X509Data>
            <ds:X509SubjectName>
              CN=SomeUser, OU=Some Group, O=Example, L=SomeCity, ST=SomeState, C=SomeCountry
            </ds:X509SubjectName>
            <ds:X509Certificate>
              MIIDMTCCAu8CBDqIR9gwCwYHKoZIzjgEAwUAMH4xCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNz
              YWNodXNldHRzMRAwDgYDVQQHEwdNZXRodWVuMRIwEAYDVQQKEwlOZXRlZ3JpdHkxGTAXBgNVBAsT
              EEIyQiBBZ2VudHMgR3JvdXAxFjAUBgNVBAMTDVJvYmVydCBUYXlsb3IwHhcNMDEwMjEyMjAzMDE2
              WhcNMDEwNTEzMjAzMDE2WjB+MQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czEQ
              MA4GA1UEBxMHTWV0aHVlbjESMBAGA1UEChMJTmV0ZWdyaXR5MRkwFwYDVQQLExBCMkIgQWdlbnRz
              IEdyb3VwMRYwFAYDVQQDEw1Sb2JlcnQgVGF5bG9yMIIBuDCCASwGByqGSM44BAEwggEfAoGBAP1/
              U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00
              b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith
              1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmU
              r7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOu
              HiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYUA
              AoGBAIufw+SYV5v2WwPor3Rk3aq6wLvxx5IjA4reidfyhSSypE4nTMzOcSQA88cOk4/pio4vnyXn
              uRB5UBfdGu2qcGE8aROiWTfATITrvM8OsBRIUYOMUAVHq1dH0T5HjeT6coqDekb2x37afyE1Jajf
              Ted5VU1nXPQh2Grej7jrX01gMAsGByqGSM44BAMFAAMvADAsAhRy+2AJp8ZZ8OVSe02TsjZ21p0W
              BQIUOvsjuK7l5yd7l5WvjEmP+MVzSJg=
            </ds:X509Certificate>
          </ds:X509Data>
        </ds:KeyInfo>
      </SubjectConfirmation>
    </Subject>
    <Actions Namespace="http://www.example.com/partners/agreements/bind024.xml">
      <Action>Execute</Action>
    </Actions>
    <Evidence>
      <AssertionID>http://www.example.com/assertion/a3E4DHU7</AssertionID>
    </Evidence>
  </AuthorizationStatement>
</Assertion>
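
Added example, not part of the original post or of any SSTC code: a sketch of how a relying party could evaluate the <Conditions> block of an assertion shaped like the three above before acting on its statement. The function name check_conditions, the trimmed SAMPLE document and the "Jun 16 2001" date format (taken from the examples' placeholder values) are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = "http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-assertion-16.xsd"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
DATE_FMT = "%b %d %Y"  # assumption: format of the examples' placeholder dates

# Constructed sample: the third assertion above with <ds:KeyInfo> left out.
SAMPLE = f"""<Assertion xmlns="{NS}"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    MajorVersion="1" MinorVersion="0" Issuer="Example Corporation"
    AssertionID="http://www.example.com/assertion/a3E46D45">
  <Conditions NotBefore="Jun 16 2001" NotOnOrAfter="Jun 17 2001">
    <AbstractCondition xsi:type="AudienceRestrictionConditionType">
      <Audience>http://www.example.com/partners/agreements/bind024.xml</Audience>
    </AbstractCondition>
  </Conditions>
  <AuthorizationStatement Decision="Permit"
      Resource="order://www.example.com/we9OIJDd987">
    <Subject><NameIdentifier Name="John Q. Public"
        SecurityDomain="Example Corporation"/></Subject>
  </AuthorizationStatement>
</Assertion>"""

def q(tag):
    """Qualify a local element name with the draft-16 assertion namespace."""
    return f"{{{NS}}}{tag}"

def check_conditions(xml_text, my_audience, now):
    """Return the reasons to reject the assertion; an empty list means accept."""
    cond = ET.fromstring(xml_text).find(q("Conditions"))
    problems = []
    if cond is None:
        return problems  # no conditions were attached
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now < datetime.strptime(not_before, DATE_FMT):
        problems.append("not yet valid")
    if not_on_or_after and now >= datetime.strptime(not_on_or_after, DATE_FMT):
        problems.append("expired")
    for c in cond.findall(q("AbstractCondition")):
        kind = c.get(XSI_TYPE, "").split(":")[-1]  # drop any QName prefix
        if kind == "AudienceRestrictionConditionType":
            audiences = [a.text.strip() for a in c.findall(q("Audience")) if a.text]
            if my_audience not in audiences:
                problems.append("audience mismatch")
        else:
            # This example fails closed on condition types it does not know.
            problems.append(f"unknown condition {kind!r}")
    return problems
```

The check covers only the conditions; it does not verify a signature or the subject confirmation key.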