OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml-users] Validating XACML policies and requests against XSD

Hi Craig.

> >> More specifically, however, I think this came up in the context of which
> >> version of XACML was being used. SunXACML can (and I think any good
> >> PDP should support this) handle mixing versions of XACML.
> I disagree.  A policy that has declared itself to be XACML v2, and contains
> XACML v1 elements, is by definition invalid.  The XACML v2 specification
> has a clearly defined set of valid elements, and the allowable children of
> those elements (ie xacmlv2:Rule inside xacmlv2:Policy).  Anything that is
> not defined in the XSD as an allowable child element is therefore not
> valid.
Sorry, I should have been more specific. I wasn't talking about an XACML
2.0 policy containing a 1.x element. What I meant was that a PDP should
be able to handle both 1.x and 2.0 policies, and handle references from
one version to another. I definitely agree that it would be schema-invalid,
and therefore generally invalid, for a 2.0 policy to contain a 1.x element.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]