security-services message

Subject: [security-services] Core-21


Attached are the core-21 draft and the two schemas.

Phill kindly let me "own" core-21 after he put in the agreed-to technical 
changes, and I did a bunch of editorial things to it.  You'll find that the 
overall "look" (and, somewhat, the organization) of the core draft has 
changed to match the other specs more closely.  My goal was to stick to 
changes that were technically neutral (for example, there is still a notion 
of single/multiple assertions); if you find any instances where I 
accidentally changed a meaning, let me know.

I will separately be making a bunch of substantive comments/questions, 
hopefully before tomorrow's meeting so that we can discuss and decide on 
some of them.  I believe I'll have time to do a core-22 before I go on 
vacation December 13-18 if such is required, and Phill will return from his 
IETF meeting after next week, so that will be the handoff point.

	Eve
<?xml version="1.0" encoding="UTF-8"?>
<!-- edited with XML Spy v3.5 NT (http://www.xmlspy.com) by Phill Hallam-Baker (VeriSign Inc.) -->
<schema 
        targetNamespace="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-protocol-21.xsd" 
        xmlns="http://www.w3.org/2001/XMLSchema" 
        xmlns:samlp="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-protocol-21.xsd" 
        xmlns:saml="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-assertion-21.xsd" 
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
        elementFormDefault="unqualified">
        <import namespace="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-assertion-21.xsd" 
                schemaLocation="draft-sstc-schema-assertion-21.xsd"/>
        <import namespace="http://www.w3.org/2000/09/xmldsig#" 
                schemaLocation="xmldsig-core-schema.xsd"/>
        <annotation>
                <documentation>draft-sstc-schema-protocol-21.xsd</documentation>
        </annotation>
        <simpleType name="CompletenessSpecifierType">
                <restriction base="string">
                        <enumeration value="Partial"/>
                        <enumeration value="AllOrNone"/>
                </restriction>
        </simpleType>
        <simpleType name="StatusCodeType">
                <restriction base="string">
                        <enumeration value="Success"/>
                        <enumeration value="Failure"/>
                        <enumeration value="Error"/>
                        <enumeration value="Unknown"/>
                </restriction>
        </simpleType>
        <complexType name="RequestAbstractType" abstract="true">
                <attribute name="RequestID" type="saml:IDType" use="required"/>
                <attribute name="MajorVersion" type="integer" use="required"/>
                <attribute name="MinorVersion" type="integer" use="required"/>
        </complexType>
        <element name="Request" type="samlp:RequestType"/>
        <complexType name="RequestType">
                <complexContent>
                        <extension base="samlp:RequestAbstractType">
                                <choice>
                                        <element ref="samlp:Query"/>
                                        <element ref="samlp:SubjectQuery"/>
                                        <element ref="samlp:AuthenticationQuery"/>
                                        <element ref="samlp:AttributeQuery"/>
                                        <element ref="samlp:AuthorizationQuery"/>
                                        <element ref="saml:AssertionID" maxOccurs="unbounded"/>
                                        <element ref="samlp:AssertionArtifact" maxOccurs="unbounded"/>
                                </choice>
                        </extension>
                </complexContent>
        </complexType>
        <element name="AssertionArtifact" type="string"/>
        <element name="Query" type="samlp:QueryAbstractType"/>
        <complexType name="QueryAbstractType" abstract="true"/>
        <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
        <complexType name="SubjectQueryAbstractType" abstract="true">
                <complexContent>
                        <extension base="samlp:QueryAbstractType">
                                <sequence>
                                        <element ref="saml:Subject"/>
                                </sequence>
                        </extension>
                </complexContent>
        </complexType>
        <element name="AuthenticationQuery" type="samlp:AuthenticationQueryType"/>
        <complexType name="AuthenticationQueryType">
                <complexContent>
                        <extension base="samlp:SubjectQueryAbstractType">
                                <sequence>
                                        <element ref="saml:ConfirmationMethod" minOccurs="0"/>
                                </sequence>
                        </extension>
                </complexContent>
        </complexType>
        <element name="AttributeQuery" type="samlp:AttributeQueryType"/>
        <complexType name="AttributeQueryType">
                <complexContent>
                        <extension base="samlp:SubjectQueryAbstractType">
                                <sequence>
                                        <element ref="saml:AttributeDesignator" 
                                                        minOccurs="0" maxOccurs="unbounded"/>
                                </sequence>
                                <attribute name="CompletenessSpecifier" 
                                                type="samlp:CompletenessSpecifierType" use="required"/>
                        </extension>
                </complexContent>
        </complexType>
        <element name="AuthorizationQuery" type="samlp:AuthorizationQueryType"/>
        <complexType name="AuthorizationQueryType">
                <complexContent>
                        <extension base="samlp:SubjectQueryAbstractType">
                                <sequence>
                                        <element ref="saml:Actions"/>
                                        <element ref="saml:Evidence" 
                                                        minOccurs="0" maxOccurs="unbounded"/>
                                </sequence>
                                <attribute name="Resource" type="anyURI"/>
                        </extension>
                </complexContent>
        </complexType>
        <complexType name="ResponseAbstractType" abstract="true">
                <attribute name="ResponseID" type="saml:IDType" use="required"/>
                <attribute name="InResponseTo" type="saml:IDType" use="required"/>
                <attribute name="MajorVersion" type="integer" use="required"/>
                <attribute name="MinorVersion" type="integer" use="required"/>
        </complexType>
        <element name="Response" type="samlp:ResponseType"/>
        <complexType name="ResponseType">
                <complexContent>
                        <extension base="samlp:ResponseAbstractType">
                                <choice minOccurs="0" maxOccurs="unbounded">
                                        <element ref="saml:Assertion"/>
                                        <element ref="saml:SingleAssertion"/>
                                        <element ref="saml:MultipleAssertion"/>
                                </choice>
                                <attribute name="StatusCode" 
                                                        type="samlp:StatusCodeType" use="required"/>
                        </extension>
                </complexContent>
        </complexType>
</schema>
<?xml version="1.0" encoding="UTF-8"?>
<!-- edited with XML Spy v3.5 NT (http://www.xmlspy.com) by Phill Hallam-Baker (VeriSign Inc.) -->
<schema 
        targetNamespace="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-assertion-21.xsd" 
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
        xmlns:saml="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-assertion-21.xsd" 
        xmlns="http://www.w3.org/2001/XMLSchema" 
        elementFormDefault="unqualified">
        <import namespace="http://www.w3.org/2000/09/xmldsig#" 
                schemaLocation="xmldsig-core-schema.xsd"/>
        <annotation>
                <documentation>draft-sstc-schema-assertion-21.xsd</documentation>
        </annotation>
        <element name="AssertionID" type="saml:IDType"/>
        <simpleType name="IDType">
                <restriction base="string"/>
        </simpleType>
        <simpleType name="DecisionType">
                <restriction base="string">
                        <enumeration value="Permit"/>
                        <enumeration value="Deny"/>
                        <enumeration value="Indeterminate"/>
                </restriction>
        </simpleType>
        <element name="Assertion" type="saml:AssertionAbstractType"/>
        <complexType name="AssertionAbstractType" abstract="true">
                <sequence>
                        <element ref="saml:Conditions" minOccurs="0"/>
                        <element ref="saml:Advice" minOccurs="0"/>
                </sequence>
                <attribute name="MajorVersion" type="integer" use="required"/>
                <attribute name="MinorVersion" type="integer" use="required"/>
                <attribute name="AssertionID" type="saml:IDType" use="required"/>
                <attribute name="Issuer" type="string" use="required"/>
                <attribute name="IssueInstant" type="dateTime" use="required"/>
        </complexType>
        <element name="SingleAssertion" type="saml:SingleAssertionType"/>
        <complexType name="SingleAssertionType">
                <complexContent>
                        <extension base="saml:AssertionAbstractType">
                                <choice>
                                        <element ref="saml:Statement"/>
                                        <element ref="saml:SubjectStatement"/>
                                        <element ref="saml:AuthenticationStatement"/>
                                        <element ref="saml:AuthorizationStatement"/>
                                        <element ref="saml:AttributeStatement"/>
                                </choice>
                        </extension>
                </complexContent>
        </complexType>
        <element name="MultipleAssertion" type="saml:MultipleAssertionType"/>
        <complexType name="MultipleAssertionType">
                <complexContent>
                        <extension base="saml:AssertionAbstractType">
                                <choice minOccurs="0" maxOccurs="unbounded">
                                        <element ref="saml:Statement"/>
                                        <element ref="saml:SubjectStatement"/>
                                        <element ref="saml:AuthenticationStatement"/>
                                        <element ref="saml:AuthorizationStatement"/>
                                        <element ref="saml:AttributeStatement"/>
                                </choice>
                        </extension>
                </complexContent>
        </complexType>
        <element name="AssertionSpecifier" type="saml:AssertionSpecifierType"/>
        <complexType name="AssertionSpecifierType">
                <choice>
                        <element ref="saml:AssertionID"/>
                        <element ref="saml:Assertion"/>
                        <element ref="saml:SingleAssertion"/>
                        <element ref="saml:MultipleAssertion"/>
                </choice>
        </complexType>
        <element name="Statement" type="saml:StatementAbstractType"/>
        <complexType name="StatementAbstractType" abstract="true"/>
        <element name="SubjectStatement" type="saml:SubjectStatementAbstractType"/>
        <complexType name="SubjectStatementAbstractType" abstract="true">
                <complexContent>
                        <extension base="saml:StatementAbstractType">
                                <sequence>
                                        <element ref="saml:Subject"/>
                                </sequence>
                        </extension>
                </complexContent>
        </complexType>
        <element name="Subject" type="saml:SubjectType"/>
        <complexType name="SubjectType">
                <choice maxOccurs="unbounded">
                        <element ref="saml:NameIdentifier"/>
                        <element ref="saml:SubjectConfirmation"/>
                        <element ref="saml:AssertionSpecifier"/>
                </choice>
        </complexType>
        <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
        <complexType name="SubjectConfirmationType">
                <sequence>
                        <element ref="saml:ConfirmationMethod" maxOccurs="unbounded"/>
                        <element name="SubjectConfirmationData" type="string" minOccurs="0"/>
                        <element ref="ds:KeyInfo" minOccurs="0"/>
                </sequence>
                <!-- Need to modify this element-->
        </complexType>
        <element name="NameIdentifier" type="saml:NameIdentifierType"/>
        <complexType name="NameIdentifierType">
                <attribute name="SecurityDomain" type="string"/>
                <attribute name="Name" type="string"/>
        </complexType>
        <element name="ConfirmationMethod" type="anyURI"/>
        <element name="AuthenticationStatement" 
                                type="saml:AuthenticationStatementType"/>
        <complexType name="AuthenticationStatementType">
                <complexContent>
                        <extension base="saml:SubjectStatementAbstractType">
                                <sequence>
                                        <element ref="saml:AuthenticationLocality" minOccurs="0"/>
                                </sequence>
                                <attribute name="AuthenticationMethod" type="anyURI"/>
                                <attribute name="AuthenticationInstant" type="dateTime"/>
                        </extension>
                </complexContent>
        </complexType>
        <element name="AuthenticationLocality" 
                                type="saml:AuthenticationLocalityType"/>
        <complexType name="AuthenticationLocalityType">
                <attribute name="IPAddress" type="string" use="optional"/>
                <attribute name="DNSAddress" type="string" use="optional"/>
        </complexType>
        <element name="AuthorizationStatement" 
                                type="saml:AuthorizationStatementType"/>
        <complexType name="AuthorizationStatementType">
                <complexContent>
                        <extension base="saml:SubjectStatementAbstractType">
                                <sequence>
                                        <element ref="saml:Actions"/>
                                        <element ref="saml:Evidence" 
                                                        minOccurs="0" maxOccurs="unbounded"/>
                                </sequence>
                                <attribute name="Resource" type="anyURI" use="optional"/>
                                <attribute name="Decision" 
                                                type="saml:DecisionType" use="optional"/>
                        </extension>
                </complexContent>
        </complexType>
        <element name="Actions" type="saml:ActionsType"/>
        <complexType name="ActionsType">
                <sequence>
                        <element ref="saml:Action" maxOccurs="unbounded"/>
                </sequence>
                <attribute name="Namespace" type="anyURI" use="optional"/>
        </complexType>
        <element name="Action" type="string"/>
        <element name="Evidence" type="saml:AssertionSpecifierType"/>
        <element name="AttributeStatement" type="saml:AttributeStatementType"/>
        <complexType name="AttributeStatementType">
                <complexContent>
                        <extension base="saml:SubjectStatementAbstractType">
                                <sequence>
                                        <element ref="saml:Attribute" maxOccurs="unbounded"/>
                                </sequence>
                        </extension>
                </complexContent>
        </complexType>
        <element name="AttributeDesignator" type="saml:AttributeDesignatorType"/>
        <complexType name="AttributeDesignatorType">
                <attribute name="AttributeName" type="string"/>
                <attribute name="AttributeNamespace" type="anyURI"/>
        </complexType>
        <element name="Attribute" type="saml:AttributeType"/>
        <complexType name="AttributeType">
                <complexContent>
                        <extension base="saml:AttributeDesignatorType">
                                <sequence>
                                        <element ref="saml:AttributeValue"/>
                                </sequence>
                        </extension>
                </complexContent>
        </complexType>
        <element name="AttributeValue" type="saml:AttributeValueType"/>
        <complexType name="AttributeValueType">
                <sequence>
                        <any namespace="##any" processContents="lax" 
                                        minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
        </complexType>
        <element name="Conditions" type="saml:ConditionsType"/>
        <complexType name="ConditionsType">
                <choice minOccurs="0" maxOccurs="unbounded">
                        <element ref="saml:Condition"/>
                        <element ref="saml:AudienceRestrictionCondition"/>
                </choice>
                <attribute name="NotBefore" type="dateTime" use="optional"/>
                <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
        </complexType>
        <element name="Condition" type="saml:ConditionAbstractType"/>
        <complexType name="ConditionAbstractType" abstract="true"/>
        <element name="AudienceRestrictionCondition" 
                        type="saml:AudienceRestrictionConditionType"/>
        <complexType name="AudienceRestrictionConditionType">
                <complexContent>
                        <extension base="saml:ConditionAbstractType">
                                <sequence>
                                        <element ref="saml:Audience" 
                                                        minOccurs="1" maxOccurs="unbounded"/>
                                </sequence>
                        </extension>
                </complexContent>
        </complexType>
        <element name="Audience" type="anyURI"/>
        <element name="Advice" type="saml:AdviceType"/>
        <complexType name="AdviceType">
                <sequence>
                        <choice minOccurs="0" maxOccurs="unbounded">
                                <element ref="saml:AssertionSpecifier"/>
                                <element ref="saml:AdviceElement"/>
                                <any namespace="##other" processContents="lax"/>
                        </choice>
                </sequence>
        </complexType>
        <element name="AdviceElement" type="saml:AdviceAbstractType"/>
        <complexType name="AdviceAbstractType"/>
</schema>
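As an added example (not part of Eve's message or of the SSTC drafts), the following Python enforces the saml:Conditions that the assertion schema above defines on a constructed draft-21 samlp:Response: the NotBefore/NotOnOrAfter window, AudienceRestrictionCondition, and the Response StatusCode. The namespace URIs are the ones declared in the two schemas; the instance document is constructed for the example and omits the statement content the SingleAssertion choice requires.

```python
"""Added example: enforce saml:Conditions on a draft-21 samlp:Response (stdlib only)."""
import datetime as dt
import xml.etree.ElementTree as ET

# Namespace URIs exactly as declared in the two draft-21 schemas.
SAMLP = "http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-protocol-21.xsd"
SAML = "http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-assertion-21.xsd"

def _utc(value):
    """Parse an xsd:dateTime, treating a trailing 'Z' as UTC."""
    return dt.datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_conditions(assertion, now, audience):
    """Return (ok, reasons) for the saml:Conditions of one assertion element."""
    reasons = []
    conds = assertion.find(f"{{{SAML}}}Conditions")
    if conds is None:          # Conditions is minOccurs="0" in the schema
        return True, reasons
    nb, na = conds.get("NotBefore"), conds.get("NotOnOrAfter")
    if nb and now < _utc(nb):
        reasons.append("not yet valid")
    if na and now >= _utc(na):  # NotOnOrAfter is an exclusive bound
        reasons.append("expired")
    for arc in conds.findall(f"{{{SAML}}}AudienceRestrictionCondition"):
        if audience not in [a.text for a in arc.findall(f"{{{SAML}}}Audience")]:
            reasons.append("audience mismatch")
    return not reasons, reasons

def evaluate_response(xml_text, now_iso, audience):
    """Return [(AssertionID, ok, reasons), ...]; an empty list unless StatusCode is Success."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}Response" or root.get("StatusCode") != "Success":
        return []
    now = _utc(now_iso)
    results = []
    for tag in ("Assertion", "SingleAssertion", "MultipleAssertion"):  # ResponseType choice
        for a in root.findall(f"{{{SAML}}}{tag}"):
            ok, reasons = check_conditions(a, now, audience)
            results.append((a.get("AssertionID"), ok, reasons))
    return results

# Constructed sample (statement content omitted): a1 is inside its window, a2 has expired.
SAMPLE = f"""<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ResponseID="r1"
    InResponseTo="q1" MajorVersion="1" MinorVersion="0" StatusCode="Success">
  <saml:SingleAssertion MajorVersion="1" MinorVersion="0" AssertionID="a1"
      Issuer="idp.example" IssueInstant="2001-12-05T10:00:00Z">
    <saml:Conditions NotBefore="2001-12-05T10:00:00Z" NotOnOrAfter="2001-12-05T10:05:00Z">
      <saml:AudienceRestrictionCondition>
        <saml:Audience>urn:sp:example</saml:Audience>
      </saml:AudienceRestrictionCondition>
    </saml:Conditions>
  </saml:SingleAssertion>
  <saml:SingleAssertion MajorVersion="1" MinorVersion="0" AssertionID="a2"
      Issuer="idp.example" IssueInstant="2001-12-05T09:00:00Z">
    <saml:Conditions NotBefore="2001-12-05T09:00:00Z" NotOnOrAfter="2001-12-05T09:05:00Z"/>
  </saml:SingleAssertion>
</samlp:Response>"""
```

Calling `evaluate_response(SAMPLE, "2001-12-05T10:01:00Z", "urn:sp:example")` accepts a1 and rejects a2 as expired; a Response whose StatusCode is not Success yields nothing at all.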

draft-sstc-core-21.doc

--
Eve Maler                                    +1 781 442 3190
Sun Microsystems XML Technology Center   eve.maler @ sun.com

