[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: Schemas with choice groups replacing substitution groups
Bad form to follow up my own post I guess but.. One of the issues that I have been asked to look at recently has been PSTC, the provisioning interface also bing developed by OASIS. Jeff Hodges has been making the undubitably correct point that PSTC should use SAML for access control. However I believe we need to go somewhat further, in particular PSTC should re-use SAML assertion or possibly statement elements. This would then allow a complete interoperable assertion based access control mechanism where the SAML and XACML assertions are initially created using PSTC. This brings us back to substitution groups(!). The choice groups we have just defined ensure that substitution group crippled schema validators do the right thing. Should we add the substitution group declarators back in however so that extensions that build arround the statement or assertion element don't have to replicate our choice groups to ensure that SAML elements can be used??? What I am thinking is that PSTC might use is an element of the form: <Provision> <AttributeStatement> <...Whatever...> Would choice groups + substitution groups cause problems??? Phill Phillip Hallam-Baker FBCS C.Eng. Principal Scientist VeriSign Inc. pbaker@verisign.com 781 245 6996 x227 > -----Original Message----- > From: Hallam-Baker, Phillip [mailto:pbaker@verisign.com] > Sent: Thursday, September 27, 2001 5:26 PM > To: security-services@lists.oasis-open.org > Subject: Schemas with choice groups replacing substitution groups > > > All, > > Attached are the schemas with the choice groups replacing the > substitution groups. > > I introduced extra elements for subject statement and > query so that > extension schemas can key of them with an xsi:type duwinsky > and give maximum > info to the other application. > > Phill > > Phillip Hallam-Baker FBCS C.Eng. > Principal Scientist > VeriSign Inc. > pbaker@verisign.com > 781 245 6996 x227 > > >
Phillip Hallam-Baker (E-mail).vcf
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC