OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: [security-services] A "final" proposal on status codes


> > The use of attributes/elements is a trickier problem, I think we 
> > really should use attributes for exactly the same reason SOAP is
using 
> > elements, consistency with the overall coding style.
 
I don't mind attributes at all, but the SAML schema-24 as currently
written only permits a single subcode, because the subcode is a single
attribute of the top level Status element. If that's an artifact of the
recursion being deleted, that's fine, just mentioning it.

The way to keep the recursion and still use attributes is to have
something like this:

<simpleType name="StatusCodeEnumType">
    <restriction base="QName">
        <enumeration value="samlp:Success"/>
        <enumeration value="samlp:VersionMismatch"/>
        <enumeration value="samlp:Responder"/>
        <enumeration value="samlp:Requester"/>
    </restriction>
</simpleType>
<complexType name="StatusCodeType">
    <sequence>
        <element name="Subcode" type="samlp:SubStatusCodeType"
minOccurs="0"/>
    </sequence>
    <attribute name="Value" type="sampl:StatusCodeEnumType"
use="required"/>
</complexType>
<complexType name="SubStatusCodeType">
    <sequence>
        <element name="Code" type="samlp:SubStatusCodeType"
minOccurs="0"/>
    </sequence>
    <attribute name="Value" type="QName" use="required"/>
</complexType>
<complexType name="StatusType">
    <sequence>
        <element name="Code" type="samlp:StatusCodeType"/>
        <element name="Message" type="string" minOccurs="0"
maxOccurs="unbounded"/>
        <element name="Detail" type="anyType" minOccurs="0"/>
    </sequence>
</complexType>

> > One issue that did occur to me is whether we should specify 
> > which sub codes are permissible for which top level codes.

For the ones defined in the SAML spec, definitely. Obviously this is an
open-ended thing.

A given error condition code is defined by a sequence of QNames, rooted
in the SAML top-level codes, but by definition this isn't an exhaustive
list, and any status SAML defines can be "suffixed" with additional
detail.

This is no different than the SOAP 1.1 dotted notation, just XML-ized.

-- Scott



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC