OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: SAML statement extension for XACML


Specification of SAML 2.0 profile of XACML defines XACMLPolicyStatement 
and XACMLAuthzDecisionStatement whose types are extensions of SAML 
StatementAbstractType element.
It says that these statements should be placed in SAML Assertion 
elements (themselves placed inside SAML Response elements).
As extended type from Statement I suppose.

However, XACMLPolicyStatement and XACMLAuthzDecisionStatement are not 
defined as possible substitutions for Statement, as there is no 
"substitutionGroup" attribute in the XML schema, and substitutions are 
blocked anyway by blobkDefault="substitution" in both schemas (SAML and 
XACML-SAML profile).

So, it seems that putting XACMLPolicyStatement and 
XACMLAuthzDecisionStatement in SAML assertions is not correct according 
to schemas.
What is your mind about this ?
Is schema of SAML extension for XACML profile normative ?

Thanks in advance,

Frédéric Deléon

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]