security-services message

Subject: RE: [security-services] RoleDescriptorType in Metadata schema


-----Original Message-----
From: MAILER-DAEMON@mail.oasis-open.org
Sent: Wednesday, October 06, 2004 3:56 PM
To: scantor@wideopenwest.com
Subject: failure notice

Hi. This is the qmail-send program at mail.oasis-open.org.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

Sorry, only contributing members may post. If you are a contributing member,
please forward this message to administration@lists.oasis-open.org (#5.7.2)

--- Below this line is a copy of the message.

Reply-To: <cantor.2@osu.edu>
From: "Scott Cantor" <scantor@wideopenwest.com>
To: "'Paul Madsen'" <p.madsen@entrust.com>,
   "'SAML SSTC \(E-mail\)'" <security-services@lists.oasis-open.org>
Subject: RE: [security-services] RoleDescriptorType in Metadata schema
Date: Wed, 6 Oct 2004 15:56:12 -0400
Organization: The Ohio State University

> In the Metadata schema, it is the RoleDescriptorType that is 
> declared abstract rather than the RoleDescriptor element.

Elements aren't abstract in XML schema, types are. Elements can be of an
abstract type, as this one is, in which case xsi:type must be used to
declare the actual type.

> Consequently, XML Schema allows RoleDescriptor to occur in 
> metadata instances in addition to other elements of a type 
> derived from RoleDescriptorType, 

No, only the former. Try declaring a derived element and putting it in a
document, you'll get a failure because that's not in the choice allowed for
the EntityDescriptor.

> So the following would be valid
> <EntityDescriptor>
>     <RoleDescriptor>
>     </RoleDescriptor>
> </EntityDescriptor>

Nope. The type is abstract, and you have no xsi:type, therefore it's

> as well as something like
> <EntityDescriptor>
>     <new:NewRoleDescriptor xsi:type="NewTypeDerivedFromRoleDescriptorType">
>     </new:NewRoleDescriptor>
> </EntityDescriptor>

Also invalid, since your extension element is not a legal choice.

> Was it the intent to allow the first case? Was it to avoid a 
> substitution group?

We don't permit substitution any more. The only legal way is:

<RoleDescriptor xsi:type="NewTypeDerivedFromRoleDescriptorType">

This is the same everywhere in the spec, Condition, Statement, BaseID, etc.

-- Scott
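
The three cases from the message above, as an added example that is not part of the original post or of the SAML specification: a pre-check a metadata consumer could run on the children of an EntityDescriptor. The namespace URIs and the list of named children are assumptions taken from the published SAML 2.0 metadata schema, the sample document is constructed, and the check covers only the element name and the presence of xsi:type, not whether the named type really derives from RoleDescriptorType (that needs full schema validation).

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"   # assumed: published SAML 2.0 namespace
DS = "http://www.w3.org/2000/09/xmldsig#"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
ROLE = f"{{{MD}}}RoleDescriptor"

# Assumed from the published SAML 2.0 metadata schema, not from the thread:
# the other children that EntityDescriptor names explicitly.
NAMED_CHILDREN = {f"{{{DS}}}Signature"} | {
    f"{{{MD}}}{n}" for n in (
        "Extensions", "IDPSSODescriptor", "SPSSODescriptor",
        "AuthnAuthorityDescriptor", "AttributeAuthorityDescriptor",
        "PDPDescriptor", "AffiliationDescriptor", "Organization",
        "ContactPerson", "AdditionalMetadataLocation")
}

def check_entity(xml_text):
    """Return [(local_name, verdict)] for each child of an EntityDescriptor."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    out = []
    for child in root:
        local = child.tag.rsplit("}", 1)[-1]
        if child.tag == ROLE:
            # RoleDescriptorType is abstract: the instance must name a concrete type.
            ok = bool(child.get(XSI_TYPE, "").strip())
            out.append((local, "ok" if ok else "invalid: abstract type, no xsi:type"))
        elif child.tag in NAMED_CHILDREN:
            out.append((local, "ok"))
        else:
            # No substitution group: a new element name is never accepted here,
            # whatever xsi:type it carries.
            out.append((local, "invalid: not a legal choice"))
    return out

# Constructed sample covering the three cases discussed in the message.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:new="urn:example:new" entityID="https://example.org/entity">
  <RoleDescriptor/>
  <new:NewRoleDescriptor xsi:type="new:NewTypeDerivedFromRoleDescriptorType"/>
  <RoleDescriptor xsi:type="new:NewTypeDerivedFromRoleDescriptorType"/>
</EntityDescriptor>"""

if __name__ == "__main__":
    for name, verdict in check_entity(SAMPLE):
        print(f"{name}: {verdict}")
```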
