Subject: RE: [security-services] RoleDescriptorType in Metadata schema
-----Original Message-----
From: MAILER-DAEMON@mail.oasis-open.org [mailto:MAILER-DAEMON@mail.oasis-open.org]
Sent: Wednesday, October 06, 2004 3:56 PM
To: scantor@wideopenwest.com
Subject: failure notice

Hi. This is the qmail-send program at mail.oasis-open.org. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out.

<security-services@lists.oasis-open.org>: Sorry, only contributing members may post. If you are a contributing member, please forward this message to administration@lists.oasis-open.org (#5.7.2)

--- Below this line is a copy of the message.

Reply-To: <cantor.2@osu.edu>
From: "Scott Cantor" <scantor@wideopenwest.com>
To: "'Paul Madsen'" <p.madsen@entrust.com>, "'SAML SSTC (E-mail)'" <security-services@lists.oasis-open.org>
Subject: RE: [security-services] RoleDescriptorType in Metadata schema
Date: Wed, 6 Oct 2004 15:56:12 -0400
Organization: The Ohio State University

> In the Metadata schema, it is the RoleDescriptorType that is
> declared abstract rather than the RoleDescriptor element.

Elements aren't abstract in XML schema, types are. Elements can be of an abstract type, as this one is, in which case xsi:type must be used to declare the actual type.

> Consequently, XML Schema allows RoleDescriptor to occur in
> metadata instances in addition to other elements of a type
> derived from RoleDescriptorType,

No, only the former. Try declaring a derived element and putting it in a document, you'll get a failure because that's not in the choice allowed for the EntityDescriptor.

> So the following would be valid
>
> <EntityDescriptor>
> <RoleDescriptor>
> </RoleDescriptor>
> </EntityDescriptor>

Nope. The type is abstract, and you have no xsi:type, therefore it's invalid.

> as well as something like
>
> <EntityDescriptor>
> <new:NewRoleDescriptor
> xsi:type="NewTypeDerivedFromRoleDescriptorType">
> </new:NewRoleDescriptor>
> </EntityDescriptor>

Also invalid, since your extension element is not a legal choice.

> Was it the intent to allow the first case? Was it to avoid a
> substitution group?

We don't permit substitution any more. The only legal way is:

<RoleDescriptor xsi:type="NewTypeDerivedFromRoleDescriptorType">
</RoleDescriptor>

This is the same everywhere in the spec, Condition, Statement, BaseID, etc.

-- Scott
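The three cases discussed in the message above, as an added example that is not part of the original post or of the SAML specification: a hand-written structural check (not a schema validator) that a metadata consumer could run over the children of an EntityDescriptor. The namespace URIs and the list of concrete child elements are assumptions taken from the published SAML 2.0 metadata schema, and the `urn:example:new` extension namespace and sample document are constructed.

```python
import io
import xml.etree.ElementTree as ET

# Assumption: namespaces and child names from the published SAML 2.0 metadata schema.
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
DS = "http://www.w3.org/2000/09/xmldsig#"
ALLOWED = {f"{{{DS}}}Signature"} | {f"{{{MD}}}{n}" for n in (
    "Extensions", "IDPSSODescriptor", "SPSSODescriptor",
    "AuthnAuthorityDescriptor", "AttributeAuthorityDescriptor", "PDPDescriptor",
    "AffiliationDescriptor", "Organization", "ContactPerson",
    "AdditionalMetadataLocation")}

def verdict(el, nsmap):
    """Classify one direct child of EntityDescriptor."""
    if el.tag == f"{{{MD}}}RoleDescriptor":
        xsi_type = el.get(f"{{{XSI}}}type")
        if xsi_type is None:
            return "invalid: abstract RoleDescriptorType needs xsi:type"
        prefix, _, local = xsi_type.rpartition(":")
        # Resolve the QName against in-scope bindings; compare on URI, not prefix.
        uri = nsmap.get(prefix) if prefix else nsmap.get("", "")
        if uri is None:
            return "invalid: xsi:type prefix is not bound"
        return f"extension role {{{uri}}}{local}"
    return "ok" if el.tag in ALLOWED else "invalid: not a legal EntityDescriptor child"

def check_entity(xml_text):
    """Return (local name, verdict) for each child of the root EntityDescriptor."""
    ns_stack, depth, out = [], 0, []
    events = ("start-ns", "end-ns", "start", "end")
    for ev, obj in ET.iterparse(io.BytesIO(xml_text.encode()), events):
        if ev == "start-ns":
            ns_stack.append(obj)            # (prefix, uri) now in scope
        elif ev == "end-ns":
            ns_stack.pop()
        elif ev == "start":
            depth += 1
            if depth == 2:
                out.append((obj.tag.split("}")[-1], verdict(obj, dict(ns_stack))))
        else:
            depth -= 1
    return out

# Constructed sample covering the three cases in the message plus one concrete role.
SAMPLE = f"""<EntityDescriptor xmlns="{MD}" xmlns:xsi="{XSI}" xmlns:new="urn:example:new">
  <RoleDescriptor/><new:NewRoleDescriptor xsi:type="new:NewType"/>
  <RoleDescriptor xsi:type="new:NewType"/><IDPSSODescriptor/>
</EntityDescriptor>"""
```

The check only resolves the name given in xsi:type; confirming that the named type really derives from RoleDescriptorType still requires validating against the extension's own schema.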