[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Update to XPath
Hi Cameron, The other thing I realized is that the new attribute ResourceIndicator needs to be namespace qualified, since the attribute schema is <complexType name="AttributeType"> <sequence> <element ref="saml:AttributeValue" minOccurs="0" maxOccurs="unbounded"/> </sequence> <attribute name="Name" type="string" use="required"/> <attribute name="NameFormat" type="anyURI" use="optional"/> <attribute name="FriendlyName" type="string" use="optional"/> <anyAttribute namespace="##other" processContents="lax"/> </complexType> -Greg On Jun 2, 2005, at 11:06 AM, Cameron Morris wrote: > Greg Whitehead wrote me yesterday and pointed out that the XPath > example > is incorrect. An XPath (even using abbreviated syntax) must include > namespace prefixes if the document it applies to uses namespaces. > > We can't drop in a namespace prefix without defining it. And there can > exist multiple namespace prefixes in one XPath. Its OK to simply use > the "xmlns:" attributes to define them. (Here is a reference to how > xacml did the same thing: > http://lists.oasis-open.org/archives/xacml/200207/msg00056.html ) > > > Example Redo: > <saml:Attribute xmlns:pp="urn:liberty:id-sis-pp:2003_08" > NameFormat=”http://www.w3.org/TR/1999/REC-XPath-19991116”; > Name=”/pp:PP/pp:LegalIdentity/pp:LegalName/text()” > ResourceIndicator=”urn:liberty:id-sis-pp:2003_08”> > <saml:AttributeValue xsi:type=”xs:string”>John Q. > Doe</saml:AttributeValue> > </saml:Attribute> > > This really makes use of the ResourceIndicator redundant, except in the > case where it points to an actual document. We should make > it optional. In which case we should change the text and make > a new revision. > > This simplifies things more since, in many my use cases, the attribute > schema needs no extension. > > > I'd also like to include some more examples, there seems to be some > confusion. > > Example XML document for John Doe: > <sample:body xmlns:sample="urn:saml:xpath:sample"> > <sample:foo> > <sample:bar name="sample element1">value1</sample:bar> > </sample:foo> > <sample:foo> > <sample:bar name="sample element2">value2</sample:bar> > </sample:foo> > </sample:body> > > Example attribute query: > <saml:AttributeQuery Id=...> > <saml:Subject> > <saml:NameID>JDoe</saml:NameID> > <saml:Subject> > <saml:Attribute> > <saml:Attribute xmlns:sample="urn:saml:xpath:sample" > NameFormat=”http://www.w3.org/TR/1999/REC-XPath-19991116”; > Name=”/sample:body/sample:foo/sample:bar”/> > <saml:Attribute xmlns:sample="urn:saml:xpath:sample" > NameFormat=”http://www.w3.org/TR/1999/REC-XPath-19991116”; > Name=”/sample:body/sample:foo/sample:bar/text()”/> > </saml:Attribute> > </samle:AttributeQuery> > > Resulting attribute statement: > <saml:AttributeStatement> > <saml:Attribute> > <saml:Attribute xmlns:sample="urn:saml:xpath:sample" > NameFormat=”http://www.w3.org/TR/1999/REC-XPath-19991116”; > Name=”/sample:body/sample:foo/sample:bar”> > <saml:AttributeValue> > <sample:bar name="sample element1">value1</sample:bar> > </saml:AttributeValue> > <saml:AttributeValue> > <sample:bar name="sample element2">value2</sample:bar> > </saml:AttributeValue> > </saml:Attribute> > > <saml:Attribute xmlns:sample="urn:saml:xpath:sample" > NameFormat=”http://www.w3.org/TR/1999/REC-XPath-19991116”; > Name=”/sample:body/sample:foo/sample:bar/text()”> > <saml:AttributeValue>value1</saml:AttributeValue> > <saml:AttributeValue>value2</saml:AttributeValue> > </saml:Attribute> > </saml:AttributeStatement> > > > - Cameron > > > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. You may a link to this group and all your TCs in > OASIS > at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]