[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Inappropriate use of xsi:type in SAML profile protocol schemas
Some of the Committee Specification 1 XML Schemas for the SAML 2.0 profile of XACML use the "xsi:type" XML attribute in element definitions where they should use the "type" attribute. The affected schemas are: xacml-1.0-profile-saml2.0-v2-schema-protocol-wd-13.xsd.xml xacml-1.1-profile-saml2.0-v2-schema-protocol-wd-13.xsd.xml xacml-2.0-profile-saml2.0-v2-schema-protocol-wd-13.xsd.xml xacml-3.0-profile-saml2.0-v2-schema-protocol-wd-13.xsd.xml The following element definition is a typical case: <element name="Extensions" xsi:type="xacml-samlp:ExtensionsType" /> This definition is actually attempting to extend the XML Schema "element" element, which is of the XML Schema "topLevelElement" type, but is invalid because "xacml-samlp:ExtensionsType" isn't derived from "topLevelElement". The "type" attribute is no doubt intended instead of the "xsi:type" attribute. Because the "type" attribute is omitted from the element definition, the type for the "Extensions" element defaults to the XML Schema "anyType", perhaps explaining why the defect has escaped detection previously. Regards, Steven Legg
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]