Subject: [security-services] Core-21
Attached are the core-21 draft and the two schemas. Phill kindly let me "own" core-21 after he put in the agreed-to technical changes, and I did a bunch of editorial things to it. You'll find that the overall "look" (and, somewhat, the organization) of the core draft has changed to match the other specs more closely. My goal was to stick to changes that were technically neutral (for example, there is still a notion of single/multiple assertions); if you find any instances where I accidentally changed a meaning, let me know.

I will separately be making a bunch of substantive comments/questions, hopefully before tomorrow's meeting so that we can discuss and decide on some of them.

I believe I'll have time to do a core-22 before I go on vacation December 13-18 if such is required, and Phill will return from his IETF meeting after next week, so that will be the handoff point.

Eve
<?xml version="1.0" encoding="UTF-8"?>
<!-- edited with XML Spy v3.5 NT (http://www.xmlspy.com) by Phill Hallam-Baker (VeriSign Inc.) -->
<schema targetNamespace="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-protocol-21.xsd"
        xmlns="http://www.w3.org/2001/XMLSchema"
        xmlns:samlp="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-protocol-21.xsd"
        xmlns:saml="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-assertion-21.xsd"
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
        elementFormDefault="unqualified">
  <import namespace="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-assertion-21.xsd" schemaLocation="draft-sstc-schema-assertion-21.xsd"/>
  <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
  <annotation>
    <documentation>draft-sstc-schema-protocol-21.xsd</documentation>
  </annotation>
  <simpleType name="CompletenessSpecifierType">
    <restriction base="string">
      <enumeration value="Partial"/>
      <enumeration value="AllOrNone"/>
    </restriction>
  </simpleType>
  <simpleType name="StatusCodeType">
    <restriction base="string">
      <enumeration value="Success"/>
      <enumeration value="Failure"/>
      <enumeration value="Error"/>
      <enumeration value="Unknown"/>
    </restriction>
  </simpleType>
  <complexType name="RequestAbstractType" abstract="true">
    <attribute name="RequestID" type="saml:IDType" use="required"/>
    <attribute name="MajorVersion" type="integer" use="required"/>
    <attribute name="MinorVersion" type="integer" use="required"/>
  </complexType>
  <element name="Request" type="samlp:RequestType"/>
  <complexType name="RequestType">
    <complexContent>
      <extension base="samlp:RequestAbstractType">
        <choice>
          <element ref="samlp:Query"/>
          <element ref="samlp:SubjectQuery"/>
          <element ref="samlp:AuthenticationQuery"/>
          <element ref="samlp:AttributeQuery"/>
          <element ref="samlp:AuthorizationQuery"/>
          <element ref="saml:AssertionID" maxOccurs="unbounded"/>
          <element ref="samlp:AssertionArtifact" maxOccurs="unbounded"/>
        </choice>
      </extension>
    </complexContent>
  </complexType>
  <element name="AssertionArtifact" type="string"/>
  <element name="Query" type="samlp:QueryAbstractType"/>
  <complexType name="QueryAbstractType" abstract="true"/>
  <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
  <complexType name="SubjectQueryAbstractType" abstract="true">
    <complexContent>
      <extension base="samlp:QueryAbstractType">
        <sequence>
          <element ref="saml:Subject"/>
        </sequence>
      </extension>
    </complexContent>
  </complexType>
  <element name="AuthenticationQuery" type="samlp:AuthenticationQueryType"/>
  <complexType name="AuthenticationQueryType">
    <complexContent>
      <extension base="samlp:SubjectQueryAbstractType">
        <sequence>
          <element ref="saml:ConfirmationMethod" minOccurs="0"/>
        </sequence>
      </extension>
    </complexContent>
  </complexType>
  <element name="AttributeQuery" type="samlp:AttributeQueryType"/>
  <complexType name="AttributeQueryType">
    <complexContent>
      <extension base="samlp:SubjectQueryAbstractType">
        <sequence>
          <element ref="saml:AttributeDesignator" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="CompletenessSpecifier" type="samlp:CompletenessSpecifierType" use="required"/>
      </extension>
    </complexContent>
  </complexType>
  <element name="AuthorizationQuery" type="samlp:AuthorizationQueryType"/>
  <complexType name="AuthorizationQueryType">
    <complexContent>
      <extension base="samlp:SubjectQueryAbstractType">
        <sequence>
          <element ref="saml:Actions"/>
          <element ref="saml:Evidence" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="Resource" type="anyURI"/>
      </extension>
    </complexContent>
  </complexType>
  <complexType name="ResponseAbstractType" abstract="true">
    <attribute name="ResponseID" type="saml:IDType" use="required"/>
    <attribute name="InResponseTo" type="saml:IDType" use="required"/>
    <attribute name="MajorVersion" type="integer" use="required"/>
    <attribute name="MinorVersion" type="integer" use="required"/>
  </complexType>
  <element name="Response" type="samlp:ResponseType"/>
  <complexType name="ResponseType">
    <complexContent>
      <extension base="samlp:ResponseAbstractType">
        <choice minOccurs="0" maxOccurs="unbounded">
          <element ref="saml:Assertion"/>
          <element ref="saml:SingleAssertion"/>
          <element ref="saml:MultipleAssertion"/>
        </choice>
        <attribute name="StatusCode" type="samlp:StatusCodeType" use="required"/>
      </extension>
    </complexContent>
  </complexType>
</schema>
<?xml version="1.0" encoding="UTF-8"?>
<!-- edited with XML Spy v3.5 NT (http://www.xmlspy.com) by Phill Hallam-Baker (VeriSign Inc.) -->
<schema targetNamespace="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-assertion-21.xsd"
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
        xmlns:saml="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-assertion-21.xsd"
        xmlns="http://www.w3.org/2001/XMLSchema"
        elementFormDefault="unqualified">
  <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
  <annotation>
    <documentation>draft-sstc-schema-assertion-21.xsd</documentation>
  </annotation>
  <element name="AssertionID" type="saml:IDType"/>
  <simpleType name="IDType">
    <restriction base="string"/>
  </simpleType>
  <simpleType name="DecisionType">
    <restriction base="string">
      <enumeration value="Permit"/>
      <enumeration value="Deny"/>
      <enumeration value="Indeterminate"/>
    </restriction>
  </simpleType>
  <element name="Assertion" type="saml:AssertionAbstractType"/>
  <complexType name="AssertionAbstractType" abstract="true">
    <sequence>
      <element ref="saml:Conditions" minOccurs="0"/>
      <element ref="saml:Advice" minOccurs="0"/>
    </sequence>
    <attribute name="MajorVersion" type="integer" use="required"/>
    <attribute name="MinorVersion" type="integer" use="required"/>
    <attribute name="AssertionID" type="saml:IDType" use="required"/>
    <attribute name="Issuer" type="string" use="required"/>
    <attribute name="IssueInstant" type="dateTime" use="required"/>
  </complexType>
  <element name="SingleAssertion" type="saml:SingleAssertionType"/>
  <complexType name="SingleAssertionType">
    <complexContent>
      <extension base="saml:AssertionAbstractType">
        <choice>
          <element ref="saml:Statement"/>
          <element ref="saml:SubjectStatement"/>
          <element ref="saml:AuthenticationStatement"/>
          <element ref="saml:AuthorizationStatement"/>
          <element ref="saml:AttributeStatement"/>
        </choice>
      </extension>
    </complexContent>
  </complexType>
  <element name="MultipleAssertion" type="saml:MultipleAssertionType"/>
  <complexType name="MultipleAssertionType">
    <complexContent>
      <extension base="saml:AssertionAbstractType">
        <choice minOccurs="0" maxOccurs="unbounded">
          <element ref="saml:Statement"/>
          <element ref="saml:SubjectStatement"/>
          <element ref="saml:AuthenticationStatement"/>
          <element ref="saml:AuthorizationStatement"/>
          <element ref="saml:AttributeStatement"/>
        </choice>
      </extension>
    </complexContent>
  </complexType>
  <element name="AssertionSpecifier" type="saml:AssertionSpecifierType"/>
  <complexType name="AssertionSpecifierType">
    <choice>
      <element ref="saml:AssertionID"/>
      <element ref="saml:Assertion"/>
      <element ref="saml:SingleAssertion"/>
      <element ref="saml:MultipleAssertion"/>
    </choice>
  </complexType>
  <element name="Statement" type="saml:StatementAbstractType"/>
  <complexType name="StatementAbstractType" abstract="true"/>
  <element name="SubjectStatement" type="saml:SubjectStatementAbstractType"/>
  <complexType name="SubjectStatementAbstractType" abstract="true">
    <complexContent>
      <extension base="saml:StatementAbstractType">
        <sequence>
          <element ref="saml:Subject"/>
        </sequence>
      </extension>
    </complexContent>
  </complexType>
  <element name="Subject" type="saml:SubjectType"/>
  <complexType name="SubjectType">
    <choice maxOccurs="unbounded">
      <element ref="saml:NameIdentifier"/>
      <element ref="saml:SubjectConfirmation"/>
      <element ref="saml:AssertionSpecifier"/>
    </choice>
  </complexType>
  <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
  <complexType name="SubjectConfirmationType">
    <sequence>
      <element ref="saml:ConfirmationMethod" maxOccurs="unbounded"/>
      <element name="SubjectConfirmationData" type="string" minOccurs="0"/>
      <element ref="ds:KeyInfo" minOccurs="0"/>
    </sequence>
    <!-- Need to modify this element-->
  </complexType>
  <element name="NameIdentifier" type="saml:NameIdentifierType"/>
  <complexType name="NameIdentifierType">
    <attribute name="SecurityDomain" type="string"/>
    <attribute name="Name" type="string"/>
  </complexType>
  <element name="ConfirmationMethod" type="anyURI"/>
  <element name="AuthenticationStatement" type="saml:AuthenticationStatementType"/>
  <complexType name="AuthenticationStatementType">
    <complexContent>
      <extension base="saml:SubjectStatementAbstractType">
        <sequence>
          <element ref="saml:AuthenticationLocality" minOccurs="0"/>
        </sequence>
        <attribute name="AuthenticationMethod" type="anyURI"/>
        <attribute name="AuthenticationInstant" type="dateTime"/>
      </extension>
    </complexContent>
  </complexType>
  <element name="AuthenticationLocality" type="saml:AuthenticationLocalityType"/>
  <complexType name="AuthenticationLocalityType">
    <attribute name="IPAddress" type="string" use="optional"/>
    <attribute name="DNSAddress" type="string" use="optional"/>
  </complexType>
  <element name="AuthorizationStatement" type="saml:AuthorizationStatementType"/>
  <complexType name="AuthorizationStatementType">
    <complexContent>
      <extension base="saml:SubjectStatementAbstractType">
        <sequence>
          <element ref="saml:Actions"/>
          <element ref="saml:Evidence" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="Resource" type="anyURI" use="optional"/>
        <attribute name="Decision" type="saml:DecisionType" use="optional"/>
      </extension>
    </complexContent>
  </complexType>
  <element name="Actions" type="saml:ActionsType"/>
  <complexType name="ActionsType">
    <sequence>
      <element ref="saml:Action" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="Namespace" type="anyURI" use="optional"/>
  </complexType>
  <element name="Action" type="string"/>
  <element name="Evidence" type="saml:AssertionSpecifierType"/>
  <element name="AttributeStatement" type="saml:AttributeStatementType"/>
  <complexType name="AttributeStatementType">
    <complexContent>
      <extension base="saml:SubjectStatementAbstractType">
        <sequence>
          <element ref="saml:Attribute" maxOccurs="unbounded"/>
        </sequence>
      </extension>
    </complexContent>
  </complexType>
  <element name="AttributeDesignator" type="saml:AttributeDesignatorType"/>
  <complexType name="AttributeDesignatorType">
    <attribute name="AttributeName" type="string"/>
    <attribute name="AttributeNamespace" type="anyURI"/>
  </complexType>
  <element name="Attribute" type="saml:AttributeType"/>
  <complexType name="AttributeType">
    <complexContent>
      <extension base="saml:AttributeDesignatorType">
        <sequence>
          <element ref="saml:AttributeValue"/>
        </sequence>
      </extension>
    </complexContent>
  </complexType>
  <element name="AttributeValue" type="saml:AttributeValueType"/>
  <complexType name="AttributeValueType">
    <sequence>
      <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
  </complexType>
  <element name="Conditions" type="saml:ConditionsType"/>
  <complexType name="ConditionsType">
    <choice minOccurs="0" maxOccurs="unbounded">
      <element ref="saml:Condition"/>
      <element ref="saml:AudienceRestrictionCondition"/>
    </choice>
    <attribute name="NotBefore" type="dateTime" use="optional"/>
    <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
  </complexType>
  <element name="Condition" type="saml:ConditionAbstractType"/>
  <complexType name="ConditionAbstractType" abstract="true"/>
  <element name="AudienceRestrictionCondition" type="saml:AudienceRestrictionConditionType"/>
  <complexType name="AudienceRestrictionConditionType">
    <complexContent>
      <extension base="saml:ConditionAbstractType">
        <sequence>
          <element ref="saml:Audience" minOccurs="1" maxOccurs="unbounded"/>
        </sequence>
      </extension>
    </complexContent>
  </complexType>
  <element name="Audience" type="anyURI"/>
  <element name="Advice" type="saml:AdviceType"/>
  <complexType name="AdviceType">
    <sequence>
      <choice minOccurs="0" maxOccurs="unbounded">
        <element ref="saml:AssertionSpecifier"/>
        <element ref="saml:AdviceElement"/>
        <any namespace="##other" processContents="lax"/>
      </choice>
    </sequence>
  </complexType>
  <element name="AdviceElement" type="saml:AdviceAbstractType"/>
  <complexType name="AdviceAbstractType"/>
</schema>
-- Eve Maler +1 781 442 3190 Sun Microsystems XML Technology Center eve.maler @ sun.com