

Subject: Re: [security-services] Proposed DoNotCache Condition - with schema change


I had an informal action (associated with AI-25) to check on the XML 
viability of the schema snippet below.  I think it's fine as far as it 
goes in defining a DoNotCacheCondition element, but there are a couple 
of things that also need to be done:

- The DoNotCacheCondition element needs to be mentioned in the content 
model of ConditionsType.  A line should be inserted after <element 
ref="saml:AudienceRestrictionCondition"/> that says <element 
ref="saml:DoNotCacheCondition"/>.

- The DoNotCacheCondition element is bound to the plain 
ConditionAbstractType, but this is a type that needs to be extended to 
be used concretely in an instance.  So I think a DoNotCacheConditionType 
needs to be created that trivially extends the abstract type, in much 
the same way as AudienceRestrictionConditionType was defined.  It would 
look like this (notice that the element declaration had to change too):

<element name="DoNotCacheCondition" type="saml:DoNotCacheConditionType" />
<complexType name="DoNotCacheConditionType">
   <complexContent>
     <extension base="saml:ConditionAbstractType"/>
   </complexContent>
</complexType>

So if we're happy with the semantics of DoNotCacheCondition (it seemed 
to require some additional discussion last time it came up), I think the 
structural suggestions above would do the trick.

	Eve

Hal Lockhart wrote:
> Having received little input on the XML specifics of this, I decided 
> simplest is best. Here are the changes:
> 
> Add the following text after line 438 of the core spec.
> 
> ----
> 
> <DoNotCacheCondition> [Optional]
> 
> Indicates that the assertion SHOULD be used immediately and MUST not be 
> retained for future use. Note: no implementation is required to perform 
> caching, however any that do so MUST observe this Condition.
> 
> ----
> 
> immediately following "<element name="Audience" type="anyURI" />" insert:
> 
> ----
> 
> <element name="DoNotCacheCondition" type="saml:ConditionAbstractType" />
> 
> ----
> 
> Hal
> 

-- 
Eve Maler                                        +1 781 442 3190
Sun Microsystems                            cell +1 781 354 9441
Web Technologies and Standards               eve.maler @ sun.com
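
The following is an added example, not part of the original thread or of any SAML implementation: a sketch of how a relying party that caches assertions could observe the DoNotCacheCondition semantics proposed above. The namespace URI, the AssertionCache class and the sample assertions are assumptions constructed for illustration; signature and validity checks are assumed to have run already.

```python
import xml.etree.ElementTree as ET

# Assumption: SAML 1.x assertion namespace; the thread only shows the "saml:" prefix.
NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion"}


def forbids_caching(assertion: ET.Element) -> bool:
    """True when <Conditions> contains a saml:DoNotCacheCondition child."""
    return assertion.find("saml:Conditions/saml:DoNotCacheCondition", NS) is not None


class AssertionCache:
    """Hypothetical relying-party cache keyed by AssertionID."""

    def __init__(self):
        self._store = {}

    def offer(self, assertion_xml: str) -> bool:
        """Store the assertion only if permitted; return True if it was stored.

        The caller still uses the assertion immediately either way.
        Input is assumed to come from an already authenticated response;
        ElementTree does not defend against entity-expansion payloads.
        """
        assertion = ET.fromstring(assertion_xml)
        assertion_id = assertion.get("AssertionID")
        if assertion_id is None or forbids_caching(assertion):
            return False  # fail closed: use once, retain nothing
        self._store[assertion_id] = assertion_xml
        return True

    def lookup(self, assertion_id: str):
        """Return the cached assertion XML, or None if it was never retained."""
        return self._store.get(assertion_id)


def make_assertion(assertion_id: str, do_not_cache: bool) -> str:
    """Build a constructed sample assertion (not taken from the thread)."""
    cond = "<saml:DoNotCacheCondition/>" if do_not_cache else ""
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}" AssertionID="{assertion_id}">'
        f"<saml:Conditions>{cond}</saml:Conditions></saml:Assertion>"
    )


if __name__ == "__main__":
    cache = AssertionCache()
    print(cache.offer(make_assertion("id-1", False)))  # cacheable
    print(cache.offer(make_assertion("id-2", True)))   # must not be retained
```
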


