[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: SAML statement extension for XACML
Hello, Specification of SAML 2.0 profile of XACML defines XACMLPolicyStatement and XACMLAuthzDecisionStatement whose types are extensions of SAML StatementAbstractType element. It says that these statements should be placed in SAML Assertion elements (themselves placed inside SAML Response elements). As extended type from Statement I suppose. However, XACMLPolicyStatement and XACMLAuthzDecisionStatement are not defined as possible substitutions for Statement, as there is no "substitutionGroup" attribute in the XML schema, and substitutions are blocked anyway by blobkDefault="substitution" in both schemas (SAML and XACML-SAML profile). So, it seems that putting XACMLPolicyStatement and XACMLAuthzDecisionStatement in SAML assertions is not correct according to schemas. What is your mind about this ? Is schema of SAML extension for XACML profile normative ? Thanks in advance, Sincerely Frédéric Deléon
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]