security-services message


Subject: RE: Schemas with choice groups replacing substitution groups


Bad form to follow up my own post I guess but..

One of the issues that I have been asked to look at recently has been PSTC,
the provisioning interface also being developed by OASIS.

Jeff Hodges has been making the indubitably correct point that PSTC should
use SAML for access control.

However I believe we need to go somewhat further, in particular PSTC should
re-use SAML assertion or possibly statement elements. This would then allow
a complete interoperable assertion based access control mechanism where the
SAML and XACML assertions are initially created using PSTC.


This brings us back to substitution groups(!).

The choice groups we have just defined ensure that substitution group
crippled schema validators do the right thing. Should we add the
substitution group declarators back in however so that extensions that build
around the statement or assertion element don't have to replicate our
choice groups to ensure that SAML elements can be used???


What I am thinking is that PSTC might use an element of the form:

<Provision>
   <AttributeStatement>
      <...Whatever...> 

Would choice groups + substitution groups cause problems???


		Phill


Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227


> -----Original Message-----
> From: Hallam-Baker, Phillip [mailto:pbaker@verisign.com]
> Sent: Thursday, September 27, 2001 5:26 PM
> To: security-services@lists.oasis-open.org
> Subject: Schemas with choice groups replacing substitution groups
> 
> 
> All,
> 
> 	Attached are the schemas with the choice groups replacing the
> substitution groups.
> 
> 	I introduced extra elements for subject statement and query so that
> extension schemas can key off them with an xsi:type duwinsky and give maximum
> info to the other application.
> 
> 		Phill
> 
> Phillip Hallam-Baker FBCS C.Eng.
> Principal Scientist
> VeriSign Inc.
> pbaker@verisign.com
> 781 245 6996 x227
>  
> 
> 
